Security Basics mailing list archives
RE: MS Access SQL injection column enumeration
From: "Jeremy Viegas" <jeremy.viegas () gmail com>
Date: Mon, 21 Mar 2005 15:49:07 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Most often the ODBC connection the web app uses prevents access to the msysobjects table of the database. Here is what the error generally looks like: Microsoft OLE DB Provider for ODBC Drivers (0x80040E09) [Microsoft][ODBC Microsoft Access Driver] Record(s) cannot be read; no read permission on 'msysobjects'. The same queries will work for you inside access when fired straight on the database. Yes, and column enumeration is not an easy task! You might want to look over the access file format (MDB) for Jet 3 and Jet4 databases. Happy Pen-Testing ... ____________________________________________________________________ Jeremy D. Viegas Email: jeremyv () cc gatech edu Masters in Information Security Mobile: 404.324.2993 College of Computing, http://www.cc.gatech.edu/~jeremyv Georgia Institute of Technology (PGP Public Key on my webpage) ____________________________________________________________________ - -----Original Message----- From: RaMatkal x2 [mailto:ramatkal () hotmail com] Sent: Saturday, March 19, 2005 3:34 PM To: security-basics () securityfocus com Subject: MS Access SQL injection column enumeration I am conducting a pen-test on a web app that is vulnerable to SQL injection. The backend database is MS access..... i have managed to get a list of table names using something like the following: select Name, from MSysObjects where Type=1 and Name not like "MSys*"; However, I am struggling to find a way to gather a list of column names from each table which would allow me to read any data from the database...... None of the sql injection papers / tutorials seem to have much to say about Access databases... Anybody got any ideas? Thanks in advance... ramatkal () hotmail com _________________________________________________________________ Express yourself instantly with MSN Messenger! Download today - it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ -----BEGIN PGP SIGNATURE----- Version: PGP 8.1 iQEVAwUBQj8zIleSFCUVYYfwAQKJewf/fephzTU7gDkHgZzRTz8GsuQyoduv0J1Q xknDbABjUL0IzrJ39GhJH163WHwuIF5+NFFxo4gb27dNxTXaSNWynQOODKMCp9Cq iVfd+yfy+SrPiE9wxAiVc2wzwxAU3ZWyq8aMSdo6OsoHef1tq9AiAPes2Sqmheum wHrCcySdnn+9f9oDL21ZIdZHd+yIWqFJAwykEdEZUUJ2ZmFVDuHkl2/Vlo+Kcn8M AH0MdtG+h7TOM7sx04Au2IHGGfXT48caXRtaQcSO6Z2FsdU5WQj6+GzFCxYSE0+A XLVSQ1Qn1CmYctD0rFSUa/2g0i1mB9Ac7l3JyWcHJpX+7F+YC1DbyQ== =ueyg -----END PGP SIGNATURE-----
Current thread:
- MS Access SQL injection column enumeration RaMatkal x2 (Mar 21)
- RE: MS Access SQL injection column enumeration Jeremy Viegas (Mar 21)
- RE: MS Access SQL injection column enumeration Jeremy Viegas (Mar 22)