Re: Table enumeration

From: Allen Harper (harperaa@yahoo.com)
Date: 02/22/02


From: "Allen Harper" <harperaa@yahoo.com>
To: "Adik" <abdulla@mail.auk.kg>, <pen-test@securityfocus.com>
Date: Thu, 21 Feb 2002 22:16:54 -0800

Adik,

Dave Aitel's friends over at @stake recently gave us a course in Monterey,
California. This document was used and basically offers an answer to your
question. It is written by David Litchfield. This was also presented at
Blackhat Windows 2k security (Feb 2001). It deals with the use of ODBC
errors. Note, requires poor programming techniques to be vulnerable.

http://srd.yahoo.com/goo/%22web+application+disassembly%22/1/T=1014358112/F=
61aec52ae3686d314621664a6d0ebb44/*http://www.blackhat.com/presentations/win-
usa-01/Litchfield/BHWin01Litchfield.doc

allen
----- Original Message -----
From: "Adik" <abdulla@mail.auk.kg>
To: <pen-test@securityfocus.com>
Sent: Friday, February 15, 2002 1:54 AM
Subject: Table enumeration

> Hi all!
> How is it possible to enumerate table names in a database file? I've heard
in
> ms sql server there is system table name called sysobjects which contains
all
> table names. A little help would be really appreciated. Thanks.
> Adik
>
>
> --------------------------------------------------------------------------

--
> This list is provided by the SecurityFocus Security Intelligence Alert
(SIA)
> Service. For more information on SecurityFocus' SIA service which
> automatically alerts you to the latest security vulnerabilities please
see:
> https://alerts.securityfocus.com/

_________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com

---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/



Relevant Pages

  • RE: SQL
    ... Subject: SQL ... >> This list is provided by the SecurityFocus Security ... For more information on SecurityFocus' SIA service which ... >This list is provided by the SecurityFocus Security Intelligence Alert ...
    (Pen-Test)
  • RE: Insurance
    ... property--data beign deemed "intangible" for the purposes of insurance. ... for physical security testing there are often 3rd parties ... For more information on SecurityFocus' SIA service which ... This list is provided by the SecurityFocus Security Intelligence Alert ...
    (Pen-Test)
  • RE: Pen-Testing Lotus Notes/Domino
    ... Subject: Pen-Testing Lotus Notes/Domino ... of document security. ... This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ...
    (Pen-Test)
  • R: Pen-Testing help (Compaq Insight & htsearch)
    ... This web server happens to be in front of their ... This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ...
    (Pen-Test)
  • Re: Application & Iplanet/Apache web server vulnerability and penetration testing
    ... I don't know what to do on the web servers other than delete example ... Any suggestions on iPlanet and Apache security? ... > This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ...
    (Pen-Test)