Re: [Full-disclosure] MS Access SQL injection column enumeration
- To: "sol seclists" <ramatkal@xxxxxxxxxxx>
- Subject: Re: [Full-disclosure] MS Access SQL injection column enumeration
- From: Eiríkur Eiríksson <eirikure@xxxxxxx>
- Date: Mon, 21 Mar 2005 14:48:29 +0000
The simplest way would be to query each of the tables whose names are
returned from the first query, something like this:
SELECT TOP 1 * FROM <TABLE_NAME>
This will return a single row and column names.
-----
Kveðja/Regards
Eirikur Eiriksson
Öryggisstjóri / CISO
Síminn / Iceland Telecom
full-disclosure-bounces@xxxxxxxxxxxxxxxxx wrote on 19.03.2005 20:23:17:
> I am conducting a pen-test on a web app that is vulnerable to SQL
> injection. The backend database is MS Access.....
>
> I have managed to get a list of table names using something like the
> following:
> select Name from MSysObjects
> where Type=1
> and Name not like "MSys*";
> However, I am struggling to find a way to gather a list of column
> names from each table which
> would allow me to read any data from the database......
> None of the sql injection papers / tutorials seem to have much to
> say about Access databases...
> Anybody got any ideas?
> Thanks in advance...
> ramatkal@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
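Added example, not part of the original thread: a defender-side check that flags the two query shapes mentioned above (reads of `MSysObjects` and `SELECT TOP 1 * FROM ...`) when they show up in web-server request lines. The log format, paths, the `q` parameter and the table name `Orders` are constructed assumptions.

```python
import re
from urllib.parse import unquote_plus

# Signatures derived from the two queries quoted in this thread.
SIGNATURES = {
    "msys_catalog_read": re.compile(r"\bmsysobjects\b", re.I),
    "top1_star_probe": re.compile(r"\bselect\s+top\s+1\s+\*\s+from\b", re.I),
}

# Client address and request target from a common-log-format line (assumed format).
REQUEST = re.compile(r'(\S+) .*?"(?:GET|POST) (\S+)')


def decode(value, rounds=3):
    """URL-decode repeatedly so double-encoded input is still matched."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def scan(log_lines):
    """Return (line_number, client, signature_names) for each flagged request."""
    hits = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST.match(line)
        if not match:
            continue
        client, target = match.groups()
        # Collapse runs of whitespace so padded keywords still match.
        text = re.sub(r"\s+", " ", decode(target))
        names = sorted(k for k, rx in SIGNATURES.items() if rx.search(text))
        if names:
            hits.append((number, client, names))
    return hits


# Constructed sample log lines (documentation addresses, made-up paths).
SAMPLE = [
    '192.0.2.10 - - [21/Mar/2005:14:01:02 +0000] "GET /item.asp?id=7 HTTP/1.1" 200 512',
    '198.51.100.7 - - [21/Mar/2005:14:02:11 +0000] "GET /item.asp?q=select+Name+from+MSysObjects+where+Type%3D1 HTTP/1.1" 500 88',
    '198.51.100.7 - - [21/Mar/2005:14:02:40 +0000] "GET /item.asp?q=SELECT%2520TOP%25201%2520*%2520FROM%2520Orders HTTP/1.1" 500 88',
    '192.0.2.10 - - [21/Mar/2005:14:03:05 +0000] "GET /search.asp?q=top+1+albums HTTP/1.1" 200 733',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

A web application has no ordinary reason to name `MSysObjects` in a request, so that signature is the lower-noise of the two; the `TOP 1 *` pattern is better treated as a lead to correlate with 500 responses from the same client.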