|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 71
Members: 0
Total: 71
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
Connect to MSSQL |
|
Posted: Sun Jun 25, 2006 8:11 pm |
|
|
tap |
Beginner |
|
|
Joined: Jun 20, 2006 |
Posts: 2 |
|
|
|
|
|
|
|
i have an user and pass of sql for a web site like this
Provider=SQLOLEDB.1;Password=*****;Persist Security Info=True;User ID=******;Data Source=********
its windows sql server
how can i use this and with wich tool can connect to this
please help me
thanks |
|
|
|
|
Posted: Mon Jun 26, 2006 2:44 pm |
|
|
waraxe |
Site admin |
|
|
Joined: May 11, 2004 |
Posts: 2407 |
Location: Estonia, Tartu |
|
|
|
|
|
|
What type of access do you have to sql/web server? And where you got that connection string? Anyway you need some access to sql server. For example TCP remote connection through ports 1433 or 2433. But in most cases those ports are not accessible. Then you need physical access to sql server.
Share more info |
|
|
|
|
|
|
|
|
Posted: Wed Aug 16, 2006 7:54 am |
|
|
oxygenne |
Advanced user |
|
|
Joined: Apr 13, 2005 |
Posts: 52 |
|
|
|
|
|
|
|
Is there any perl or php script to access mssql.
Following methods seems not to work:
use DBI;
my $DSN = 'driver={SQL
Server};Server=node.domain.com;database=my_database;uid=username;
pwd=userpw;';
my $dbh = DBI->connect("dbi:ODBC:$DSN", 'username', 'userpw',
{ RaiseError => 1, AutoCommit => 1 })
or die "$DBI::errstr\n";
or, in Win32::;
use Win32::ODBC;
my $DSN = 'driver={SQL
Server};Server=node.domain.com;database=my_database;uid=username;
pwd=userpw;';
my $db = new Win32::ODBC("$DSN") or die Win32::ODBC::Error(); |
|
|
|
|
|
|
|
|
Posted: Wed Aug 16, 2006 8:45 am |
|
|
ToXiC |
Moderator |
|
|
Joined: Dec 01, 2004 |
Posts: 181 |
Location: Cyprus |
|
|
|
|
|
|
oxygenne wrote: | Is there any perl or php script to access mssql.
Following methods seems not to work:
use DBI;
my $DSN = 'driver={SQL
Server};Server=node.domain.com;database=my_database;uid=username;
pwd=userpw;';
my $dbh = DBI->connect("dbi:ODBC:$DSN", 'username', 'userpw',
{ RaiseError => 1, AutoCommit => 1 })
or die "$DBI::errstr\n";
or, in Win32::;
use Win32::ODBC;
my $DSN = 'driver={SQL
Server};Server=node.domain.com;database=my_database;uid=username;
pwd=userpw;';
my $db = new Win32::ODBC("$DSN") or die Win32::ODBC::Error(); |
PHP WITH DSN
Code: | <?php
//connect to a DSN "myDSN"
$conn = odbc_connect('myDSN','','');
if ($conn)
{
//the SQL statement that will query the database
$query = "select * from cars";
//perform the query
$result=odbc_exec($conn, $query);
echo "<table border=\"1\"><tr>";
//print field name
$colName = odbc_num_fields($result);
for ($j=1; $j<= $colName; $j++)
{
echo "<th>";
echo odbc_field_name ($result, $j );
echo "</th>";
}
//fetch tha data from the database
while(odbc_fetch_row($result))
{
echo "<tr>";
for($i=1;$i<=odbc_num_fields($result);$i++)
{
echo "<td>";
echo odbc_result($result,$i);
echo "</td>";
}
echo "</tr>";
}
echo "</td> </tr>";
echo "</table >";
//close the connection
odbc_close ($conn);
}
else echo "odbc not connected";
?>
| PHP WITHOUT DSN by using a connection string
Code: |
<?php
$myServer = "localhost";
$myUser = "your_name";
$myPass = "your_password";
$myDB = "examples";
//create an instance of the ADO connection object
$conn = new COM ("ADODB.Connection")
or die("Cannot start ADO");
//define connection string, specify database driver
$connStr = "PROVIDER=SQLOLEDB;SERVER=".$myServer.";UID=".$myUser.";PWD=".$myPass.";DATABASE=".$myDB;
$conn->open($connStr); //Open the connection to the database
//declare the SQL statement that will query the database
$query = "SELECT * FROM cars";
//execute the SQL statement and return records
$rs = $conn->execute($query);
$num_columns = $rs->Fields->Count();
echo $num_columns . "<br>";
for ($i=0; $i < $num_columns; $i++) {
$fld[$i] = $rs->Fields($i);
}
echo "<table>";
while (!$rs->EOF) //carry on looping through while there are records
{
echo "<tr>";
for ($i=0; $i < $num_columns; $i++) {
echo "<td>" . $fld[$i]->value . "</td>";
}
echo "</tr>";
$rs->MoveNext(); //move on to the next record
}
echo "</table>";
//close the connection and recordset objects freeing up resources
$rs->Close();
$conn->Close();
$rs = null;
$conn = null;
?> |
To create 'examples' database on your MSSQL Server you should run the following script:
CREATE DATABASE examples;
USE examples;
CREATE TABLE cars(
id int UNIQUE NOT NULL,
name varchar(40),
year varchar(50),
PRIMARY KEY(id)
);
INSERT INTO cars VALUES(1,'Mercedes','2000');
INSERT INTO cars VALUES(2,'BMW','2004');
INSERT INTO cars VALUES(3,'Audi','2001'); |
|
_________________ who|grep -i blonde|talk; cd~;wine;talk;touch;unzip;touch; strip;gasp;finger;gasp;mount; fsck; more; yes; gasp; umount; make clean; sleep;wakeup;goto http://www.md5this.com |
|
|
|
|
|
:( |
|
Posted: Wed Aug 16, 2006 6:57 pm |
|
|
oxygenne |
Advanced user |
|
|
Joined: Apr 13, 2005 |
Posts: 52 |
|
|
|
|
|
|
|
Some error ocured Call to a member function on a non-object at this line $conn->open($connStr) |
|
|
|
|
|
Re: :( |
|
Posted: Fri Aug 18, 2006 9:53 am |
|
|
ToXiC |
Moderator |
|
|
Joined: Dec 01, 2004 |
Posts: 181 |
Location: Cyprus |
|
|
|
|
|
|
oxygenne wrote: | Some error ocured Call to a member function on a non-object at this line $conn->open($connStr) |
double check your databse settingz at the top
$myServer = "localhost";
$myUser = "your_name";
$myPass = "your_password";
$myDB = "examples"; |
|
_________________ who|grep -i blonde|talk; cd~;wine;talk;touch;unzip;touch; strip;gasp;finger;gasp;mount; fsck; more; yes; gasp; umount; make clean; sleep;wakeup;goto http://www.md5this.com |
|
|
|
|
|
|
|
Posted: Fri Aug 18, 2006 6:53 pm |
|
|
oxygenne |
Advanced user |
|
|
Joined: Apr 13, 2005 |
Posts: 52 |
|
|
|
|
|
|
|
I don't know if php was compiled with mssql support anyway here is nice java script that has done the job perfectly
<%@ page contentType="text/html; charset=windows-1255" language="java" import="java.sql.*"%>
<head>
<title> JSP, MSSQL version</title>
</head>
<body bgcolor="white">
<%
try {
Class.forName("com.microsoft.jdbc.sqlserver.SQLServerDriver");
} catch (ClassNotFoundException e) {
out.println("<h1>Driver not found:" + e + e.getMessage() + "</h1>" );
}
try {
Connection conn = DriverManager.getConnection ("jdbc:microsoft:sqlserver://server:1433;DatabaseName=name of database","user", "pass");
Statement stmt = conn.createStatement();
ResultSet rs;
rs = stmt.executeQuery("select * from dbo.database");
out.println( "<table>" );
while ( rs.next() ) {
String title = rs.getString("column1");
String director = rs.getString("column2");
String origin = rs.getString("column3");
String made = rs.getString("column4");
String ment = rs.getString("column5");
String sk = rs.getString("column6");
out.println("<tr><td>"+title+"</td><td>"+director+"</td><td>"+origin+"</td><td>"+ made+"</td><td>"+ment+"</td><td>"+sk+"</td><td>");
}
out.println( "</table>" );
conn.close();
} catch (Exception e) {
out.println( "<h1>exception: "+e+e.getMessage()+"</h1>" );
}
%>
</html> |
|
|
|
|
|
www.waraxe.us Forum Index -> Sql injection
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|