MS Access SQL injection column enumeration
From: RaMatkal x2 (ramatkal_at_hotmail.com)
Date: 03/19/05
- Previous message: Jeff Bryner: "RE: Automated website mapping with Google"
- Next in thread: Felikz: "Re: MS Access SQL injection column enumeration"
- Reply: Felikz: "Re: MS Access SQL injection column enumeration"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: pen-test@securityfocus.com Date: Sat, 19 Mar 2005 20:29:59 +0000
I am conducting a pen-test on a web app that is vulnerable to SQL injection.
The backend database is MS access.....
i have managed to get a list of table names using something like the
following:
select Name, from MSysObjects
where Type=1
and Name not like "MSys*";
However, I am struggling to find a way to gather a list of column names from
each table which
would allow me to read any data from the database......
None of the sql injection papers / tutorials seem to have much to say about
Access databases...
Anybody got any ideas?
Thanks in advance...
ramatkal@hotmail.com
_________________________________________________________________
FREE pop-up blocking with the new MSN Toolbar – get it now!
http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/
- Previous message: Jeff Bryner: "RE: Automated website mapping with Google"
- Next in thread: Felikz: "Re: MS Access SQL injection column enumeration"
- Reply: Felikz: "Re: MS Access SQL injection column enumeration"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
