JET sql help please anyone

From: Gary O'leary-Steele (GaryO@sec-1.com)
Date: 11/30/01

Previous message: Zen: "Re: opinions on Vigliante's SecureScanNX for attack/pen work?"
Next in thread: Kevin Spett: "Re: JET sql help please anyone"
Reply: Kevin Spett: "Re: JET sql help please anyone"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "Gary O'leary-Steele" <GaryO@sec-1.com>
To: <PEN-TEST@securityfocus.com>
Subject: JET sql help please anyone
Date: Fri, 30 Nov 2001 12:07:14 -0000
Message-ID: <NLEEKGBCFBNEHNPCPNFLGECNCAAA.GaryO@sec-1.com>

hello all,

I am performing a pen test against a IIS server which uses Microsoft jet to
contact a database. I tried the usual stuff such as ' in the various fields
and received a promising error

Microsoft JET Database Engine error '80040e14'
Syntax error in string in query expression '((User.UserCurrent)=True) AND
(User.UserId = ''') ORDER BY user.Name'.

/blah/blahbalh/search.asp, line 66

And then tried

')OR |shell("dir")|;

and got

Microsoft JET Database Engine error '80040e14'
Invalid use of vertical bars in query expression '((user.userCurrent)=True)
AND (user.userId = '')OR |shell("dir")|'.

/blah/blahbalh/search.asp, line 66

So i tried

admin' ); master..xp_cmdshell("dir");--

And received

Microsoft JET Database Engine error '80040e14'
Characters found after end of SQL statement.

/blah/blahbalh/search.asp, line 66

various other errors occurred during the test such as

Microsoft JET Database Engine error '80040e14'
Invalid SQL statement; expected 'DELETE', 'INSERT', 'PROCEDURE', 'SELECT',
or 'UPDATE'.

Any ideas?

Regards,
Gary

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Previous message: Zen: "Re: opinions on Vigliante's SecureScanNX for attack/pen work?"
Next in thread: Kevin Spett: "Re: JET sql help please anyone"
Reply: Kevin Spett: "Re: JET sql help please anyone"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

[Full-Disclosure] Microsoft JET Database Engine 4.0 buffer overflow.
... Microsoft SQL Server 2000, ... Microsoft JET database engine is a database management ...
(Full-Disclosure)
[NT] Microsoft JET Database Engine 4.0 Buffer Overflow
... Microsoft Jet database engine can be thought of as a data manager upon ... to SQL Server or other ODBC database servers for processing. ...
(Securiteam)
Dragonfly Shopping Cart Multiple vulnerabilities
... Microsoft JET Database Engine error '80040e07' ... Data type mismatch in criteria expression. ...
(Bugtraq)
Re: access 2007 and asp 3.0
... i am in a big trouble with access 2007 ... Microsoft JET Database Engine error '80004005' ... Unrecognized database format. ...
(microsoft.public.office.misc)
Microsoft JET Database Engine 4.0 buffer overflow.
... Microsoft JET Database Engine 4.0 buffer overflow. ... (this means include it in vulnerabilities databases, vulnerabilities scanners, any paid service, etc.) ... Microsoft Jet Database Engine allows the use of Visual Basic for Aplicaciones functions and SQL agregated functions in SQL statements, when a SQL query is executed and a long function name is ... Microsoft SQL Server allows to access remote data from an OLE DB data source using OpenRowset, Opendatasource, Openqueryand Linked Servers. ...
(NT-Bugtraq)