Re: [sqlmap-users] Injection into columns list

2012-07-25 Thread Dennis
Hey, haven't spent any thinking on a generic approach yet as I was on an Oracle DBMS and did fine. But I see your point... I will give it a thought... Cheers, Dennis On 25.07.2012 12:09, Miroslav Stampar wrote: > Hi again. > > Most generic approach would be to use dummy prefix as "9 WHERE

Re: [sqlmap-users] bruteforce SA password using SQL INJECTION

2012-07-25 Thread Bernardo Damele A. G.
Hi Juan, master.dbo.xp_execresultset is a stored extended procedure available on Microsoft SQL Server 2000. It is not available on MSSQL 2005/2008 onwards by default, hence the error message and the DBA brute force attack fails. Bernardo On 24 July 2012 14:26, juan molina wrote: > I was trying

Re: [sqlmap-users] Injection into columns list

2012-07-25 Thread Miroslav Stampar
Hi again. Most generic approach would be to use dummy prefix as "9 WHERE 1=1", but there are lots of potential pitfalls here (e.g. if column name is delimited with a DBMS specific column name delimiter). We've added a new issue for this [1]. Kind regards, Miroslav Stampar [1] https://github.

Re: [sqlmap-users] Injection into columns list

2012-07-25 Thread Miroslav Stampar
Hi. How would you exploit this: SELECT $_GET['id'] FROM table on all DBMSes? Oracle and MySQL have DUAL but what with others? At the end we'll end with 10 new payloads and/or boundaries each of those covering each DBMS. Kind regards, Miroslav Stampar On Wed, Jul 25, 2012 at 11:28 AM, Dennis

Re: [sqlmap-users] Injection into columns list

2012-07-25 Thread Dennis
I'm not sure about Troy, but I had a similar case recently. I could control the bit of the query between SELECT and FROM, which could be exploited either with nested (SELECT)s or by expanding the query with another FROM [...] UNION SELECT [...] to extend the query. SQLmap did not find the injection

Re: [sqlmap-users] bruteforce SA password using SQL INJECTION

2012-07-25 Thread Chris Oakley
Hi Juan I'm not convinced it's due to either of your suggestions. If openrowset is disabled, you'll get an error message that begins something like: SQL Server blocked access to STATEMENT 'OpenRowset/OpenDatasource' of component 'Ad Hoc Distributed Queries' because this component is turned off a

Re: [sqlmap-users] bruteforce SA password using SQL INJECTION

2012-07-25 Thread juan molina
I was trying sqlninja. This is the query it uses for bruteforce SA password with 1 character (numbers and letters). declare @p nvarchar(99),@z nvarchar(10),@s nvarchar(99), @a int, @q nvarchar (4000) set @a=1 set @s=N'abcdefghijklmnopqrstuvwxyz0123456789' while @a<37 begin set @p=N'' set @z = subs