|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 48
Members: 0
Total: 48
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
MS Access SQL injection |
|
Posted: Sat Feb 02, 2008 12:22 am |
|
|
julioisaias |
Valuable expert |
|
|
Joined: Jan 25, 2008 |
Posts: 50 |
|
|
|
|
|
|
|
hi,
I am conducting a pen-test on a web app that is vulnerable to SQL injection.
well,
The backend database is MS Access and I discovered the names of the fields but did not discover the name of the table.
I have used the clause "group by" to discover the names of the fields but the clause "having" not discovered the name of the table.
http://********.com/noticias_online.asp?id_noticia=1124 +[SQL Injection]%00
I much Search in Google but found only this: http://www.webapptest.org/ms-access-sql-injection-cheat-sheet-EN.html
I would like to discover the names of the tables. I think it is easy.
I'm sorry because my bad english
Thanks. |
|
_________________ I study enough to make the rest a result. |
|
|
|
|
Re: MS Access SQL injection |
|
Posted: Sat Feb 02, 2008 2:22 pm |
|
|
sol1dzer0 |
Regular user |
|
|
Joined: Jan 21, 2008 |
Posts: 24 |
|
|
|
|
|
|
|
netsoul wrote: | hi,
I am conducting a pen-test on a web app that is vulnerable to SQL injection.
well,
The backend database is MS Access and I discovered the names of the fields but did not discover the name of the table.
I have used the clause "group by" to discover the names of the fields but the clause "having" not discovered the name of the table.
http://********.com/noticias_online.asp?id_noticia=1124 +[SQL Injection]%00
I much Search in Google but found only this: http://www.webapptest.org/ms-access-sql-injection-cheat-sheet-EN.html
I would like to discover the names of the tables. I think it is easy.
I'm sorry because my bad english
Thanks. |
i think U can't post real URL's... !! :p read rules.. |
|
|
|
|
Posted: Sat Feb 02, 2008 6:28 pm |
|
|
julioisaias |
Valuable expert |
|
|
Joined: Jan 25, 2008 |
Posts: 50 |
|
|
|
|
|
|
|
|
_________________ I study enough to make the rest a result. |
|
|
|
www.waraxe.us Forum Index -> Sql injection
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|