Message-ID: <OFD9AA0582.90B14B18-ON00256FCB.00514308-00256FCB.00515820@mail01.simi.is>
From: eirikure at simi.is (Eiríkur Eiríksson)
Subject: MS Access SQL injection column enumeration

The simplest way would be to query each of the tables whose names are 
returned from the first query, something like this:

SELECT TOP 1 * FROM <TABLE_NAME>

This will return a single row and column names.

-----
Kveðja/Regards
Eirikur Eiriksson
Öryggisstjóri / CISO
Síminn / Iceland Telecom

full-disclosure-bounces@...ts.grok.org.uk wrote on 19.03.2005 20:23:17:

> I am conducting a pen-test on a web app that is vulnerable to SQL 
> injection. The backend database is MS access.....
> 
> I have managed to get a list of table names using something like the
> following: 
> select Name from MSysObjects 
> where  Type=1
>   and  Name not like "MSys*";
> However, I am struggling to find a way to gather a list of column 
> names from each table which 
> would allow me to read any data from the database......
> None of the sql injection papers / tutorials seem to have much to 
> say about Access databases... 
> Anybody got any ideas?
> Thanks in advance...
> ramatkal@...mail.com
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
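
For defenders: both queries in this thread leave recognisable strings in web request logs. The following Python scan is an added example, not part of the original messages; it flags request parameters that reference Access system tables (`MSys...`) or the `SELECT TOP 1 * FROM` probe. The log lines, paths and the table name `Orders` are constructed.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Strings taken from the two queries quoted in this thread.
PATTERNS = {
    "msys_catalog": re.compile(r"\bMSys[A-Za-z]+\b", re.I),
    "top1_star": re.compile(r"\bselect\s+top\s+1\s+\*\s+from\b", re.I),
}
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (combined log format, documentation IP range).
SAMPLE_LOG = [
    '192.0.2.10 - - [21/Mar/2005:10:00:01 +0000] "GET /news.asp?id=42 HTTP/1.1" 200 5120',
    '192.0.2.10 - - [21/Mar/2005:10:00:03 +0000] "GET /search.asp?q=top+10+systems HTTP/1.1" 200 901',
    '192.0.2.77 - - [21/Mar/2005:10:00:05 +0000] "GET /news.asp?id=select%20Name%20from%20MSysObjects%20where%20Type%3D1 HTTP/1.1" 500 310',
    '192.0.2.77 - - [21/Mar/2005:10:00:09 +0000] "GET /news.asp?id=SELECT+TOP+1+*+FROM+Orders HTTP/1.1" 500 310',
    '192.0.2.77 - - [21/Mar/2005:10:00:12 +0000] "GET /news.asp?id=select%2520top%25201%2520%252A%2520from%2520Orders HTTP/1.1" 500 310',
]


def scan_line(line):
    """Return sorted (parameter, pattern) hits for one access-log line."""
    match = REQUEST_RE.search(line)
    if not match:
        return []
    hits = set()
    query = urlsplit(match.group(1)).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        # parse_qsl decodes once; decode a second time so that
        # double-encoded values (%2520 for a space) are also inspected.
        text = unquote(value)
        for label, pattern in PATTERNS.items():
            if pattern.search(text):
                hits.add((name, label))
    return sorted(hits)


def scan(lines):
    """Map line index -> hits, for lines with at least one hit."""
    return {i: h for i, line in enumerate(lines) if (h := scan_line(line))}


if __name__ == "__main__":
    for index, hits in scan(SAMPLE_LOG).items():
        print(index, hits)
```

A hit is a lead for investigation, not proof of compromise; the fix for the underlying flaw is still parameterised queries in the application.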