SQL Command Insertion & Execution in Visual FoxPro

From: Franklin DeMatto (franklin.lists@qDefense.com)
Date: 08/07/02

Previous message: Dave Aitel: "MS SQL Server Hello Overflow NASL Script"
Next in thread: Franklin DeMatto: "Re: SQL Command Insertion & Execution in Visual FoxPro"
Reply: Franklin DeMatto: "Re: SQL Command Insertion & Execution in Visual FoxPro"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 07 Aug 2002 14:01:00 -0400
To: vuln-dev@securityfocus.com
From: Franklin DeMatto <franklin.lists@qDefense.com>

Shell commands can be executed through insertion in a Jet Database through
|shell("cmd...:)| and in SQL Server through xp_cmdshell

Can they be done in Visual FoxPro? How?

Franklin DeMatto
Senior Analyst, qDefense Penetration Testing
http://qDefense.com
qDefense: Making Security Accessible

Previous message: Dave Aitel: "MS SQL Server Hello Overflow NASL Script"
Next in thread: Franklin DeMatto: "Re: SQL Command Insertion & Execution in Visual FoxPro"
Reply: Franklin DeMatto: "Re: SQL Command Insertion & Execution in Visual FoxPro"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

[NT] FoxPro ODBC Driver Buffer Overflow via SQL OpenDataSource()
... OpenDataSource function in Microsoft SQL Server when we are connecting to ... "Microsoft Visual FoxPro Driver". ... we can overwrite EIP register with any value. ... SELECT * FROM OpenDataSource('MSDASQL','Driver=Microsoft Visual FoxPro ...
(Securiteam)
RE: Update Conflict
... Microsoft SQL Server 7.0 or later versions and in Visual FoxPro ... record which has the update conflict issue, ...
(microsoft.public.fox.helpwanted)
Re: Upsize no longer transfers "Required" fields to Not "Allow Nulls"
... I'd not bother if the "required" field in Jet database is changed to "Allow ... Since Jet database and SQL Server are two different type ... So, it almost always necessary, after the upsizing, ... I have been working on upsizing an Access 2000 data structure to SQL ...
(microsoft.public.access.adp.sqlserver)
Re: Data insertion too too slow...
... create table srchPool(tid int primary key, taid int, s tynyint, uid ... The above insertion query TOOK about 2000ms to execute, too too slow, ... Books Online for SQL Server 2005 athttp://www.microsoft.com/technet/prodtechnol/sql/2005/downloads/books ... ...
(comp.databases.ms-sqlserver)
OLEDB Newbie - how to ignore deleted rows?
... I am importing data from FoxPro 8 tables into SQL Server 2005, using the Microsoft OLEDB driver for Visual FoxPro 8. ... If I connect using the table name in the component, then I get the deleted rows as well, with no way then of ignoring them. ...
(microsoft.public.fox.vfp.dbc)