WebApp Sec mailing list archives
Re: Blind SQL Injection / Stored procedures
From: Laramies <laramies2k () yahoo com ar>
Date: Wed, 16 Nov 2005 15:03:25 +0100
Hi Andres, you could try to write the results of the xp_makewebtask in shared folder of other server, or if the Database server has access to Internet, you could try in your own shared folder.
Other scenario: If there is a Ftp server reacheable by the DB server you could dump the file with xp_makewebtask, and then ftp the file to Ftp server. You also need a ftp account :(
Cheers Christian Martorella Andres Molinetti wrote:
Hi List,I am currently testing a clients Web Site. I have found that it is vulnerable to Blind SQL Injection, so I have been able to enumerate tables, columns, etc. It interact with an SQL Server 2000 SP3.The problem is that, despite I was able to enumerate tables and columns (through base..syscolumns) I am not able to access any data of those tables.I think this can be happening because the priviledges are assigned to stored procedures, and not directly to users, which is a good practice.Then my problem is how can I use an stored procedure to get some data? I think I am able to run, but how can I do to get its results?I know that there is an xp_makewebtask which lets me write sql queries to a file, but as the sql server resides in a different machine that the web server, I cannot get those files.Thanks in advance, Andy _________________________________________________________________Dale rienda suelta a tu tiempo libre. Encuentra mil ideas para exprimir tu ocio con MSN Entretenimiento. http://entretenimiento.msn.es/
___________________________________________________________ 1GB gratis, Antivirus y Antispam Correo Yahoo!, el mejor correo web del mundo http://correo.yahoo.com.ar
Current thread:
- Blind SQL Injection / Stored procedures Andres Molinetti (Nov 15)
- Re: Blind SQL Injection / Stored procedures Adam Tuliper (Nov 15)
- Re: Blind SQL Injection / Stored procedures Laramies (Nov 16)
- RE: Blind SQL Injection / Stored procedures Victor Chapela (Nov 18)
- <Possible follow-ups>
- RE: Blind SQL Injection / Stored procedures LAROUCHE Francois (Nov 16)
- RE: Blind SQL Injection / Stored procedures Andres Molinetti (Nov 16)
- RE: Blind SQL Injection / Stored procedures LAROUCHE Francois (Nov 17)
- Re: Blind SQL Injection / Stored procedures Phillip Powell (Nov 17)
- RE: Blind SQL Injection / Stored procedures Evans, Arian (Nov 17)
- Re: [WEB SECURITY] RE: Blind SQL Injection / Stored procedures Frederic Charpentier (Nov 17)
- RE: Blind SQL Injection / Stored procedures LAROUCHE Francois (Nov 18)
- Re: Blind SQL Injection / Stored procedures ascii (Nov 18)