 |
|
 |
 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 215
 Members: 0
 Total: 215
|
|
|
|
|
|
Full disclosure |
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
xp_cmdshell |
|
 Posted: Sat Apr 30, 2005 1:41 pm |
 |
|
| xt33nx |
| Regular user |
 |
|
| Joined: May 30, 2004 |
| Posts: 7 |
|
|
|
 |
|
 |
|
I read everything, i tried everything... nothing works
the url goes like this: "newspop.asp?arrID=" <- This is the sql injection part
As i said before, i tried everything i know and read, yet i can't execute one single command like "dir"
Any kind of advise is highly appreciated |
|
_________________
Where will you be, the day after tomorrow? |
|
|
|
| Posted: Sat Apr 30, 2005 3:40 pm |
|
|
| gulftech |
| Valuable expert |
 |
|
| Joined: Apr 20, 2005 |
| Posts: 9 |
|
|
|
|
|
|
|
Well, if you really want help you should give us more details. Also, some servers will disable the type of functionality you are trying to use  |
|
|
|
|
| Posted: Sat Apr 30, 2005 4:42 pm |
|
|
| gulftech |
| Valuable expert |
|
|
| Joined: Apr 20, 2005 |
| Posts: 9 |
|
|
|
|
|
|
|
|
|
|
|
| Posted: Sun May 01, 2005 7:01 am |
|
|
| xt33nx |
| Regular user |
|
|
| Joined: May 30, 2004 |
| Posts: 7 |
|
|
|
|
|
|
|
More details? Like...?
It runs on Windows Server 2003 with Microsoft-IIS/6.0, i don't remember the MSSQL version but it will probably be new |
|
_________________
Where will you be, the day after tomorrow? |
|
|
|
|
|
|
|
| Posted: Sun May 01, 2005 11:09 pm |
|
|
| d3vilbox |
| Beginner |
|
|
| Joined: May 02, 2005 |
| Posts: 3 |
|
|
|
|
|
|
|
hey guyz
I`m new 2 ur site 
K , dear friend as u know Stored Procedures of mssql - 2000 returns value just in INT type , which usually shows proper execution of S.P.
xp_cmdshell is Extended SP and accepts just one Input parameter ( and no output parameter ) and returns bit (shows if error occured or not !)
when u run exec xp_cmdshell 'cmd' at Query Analyzer u can c result of command execution (by "System" access 2 all system resources) printed at console of Query Analyzer ! but by ADO (ADO.Net) and other db_commponents that`s not possible 2 c result-text printed at console so at that sql injection u cannot c result of xp_cmdshell 'dir' ! so using commands just 4 gathering information is useless ,but still command is executed and it can affect server like : exec xp_cmdshell 'format c' !
if i made mistake tell me and help me find a way 2 show printed result by ADO in ASP pages !
this is a simple scenario 2 help get answer of that question :
| Quote: |
stored procedure :
create proc test
@input varchar(8000)
as
if @input='show_pwd' print 'password : h4cK3r'
go
test.aspx :
<%@ Import Namespace="System.data.Sqlclient" %>
<script runat=server language=vb>
sub Page_Load
If Not Request.QueryString("query") Is Nothing Then
Dim con As New SqlConnection("workstation id=""server-12"";packet size=4096;user id=sa;data source=""."";persist security info=False;initial catalog=testdb")
With con
.Open()
With .CreateCommand
.CommandText = Request.QueryString("query")
With .ExecuteReader
Response.Write("Result : <br>")
While .Read
Dim i As Integer
For i = 0 To .FieldCount - 1
Response.Write(.GetValue(i).ToString)
Response.Write(" ")
Next
Response.Write("<br>")
End While
.Close()
End With
.Dispose()
End With
.Close()
.Dispose()
End With
End If
End Sub
</script>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<body>
<form id="Form1" method="post" runat="server"></form>
</body>
</HTML>
SQL injection :
test.aspx?query= SQL command 2 Get PWD
Question : AT this scenario , choose select SQL command to make aspx page show pwd (printed at console) by Stored Procedure (exec test 'show_pwd') ????
|
if anyone got the answer plz post here or mail me @ d3vilbox yahoo dot com |
|
|
|
|
|
www.waraxe.us Forum Index -> Sql injection
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|
