Re: [sqlmap-users] SQL MS-Access report bug
From: Miroslav S. <mir...@gm...> - 2010-11-09 14:57:09
just a quick report. i've collected "common columns" couple of days ago
(./txt/common-columns.txt) so "brute force get column names" will be
available in a few.

kr

On Tue, Nov 9, 2010 at 3:06 PM, Carlos Gabriel Vergara <car...@gm...> wrote:
> "The law of the default"
>
> If you must explicitly set the permissions, then will be difficult to
> find this kind of info. But if we are lucky and found a
> "lazy-non-standard" programming, this could be a nice security breach.
>
> I will read a little further... if something is found, will share it.
>
> Best regards,
>
>
> 2010/11/5 Miroslav Stampar <mir...@gm...>:
>> well,
>>
>> SELECT Name FROM MSysObjects WHERE Type = 1
>>
>> (we already have it in ./xml/queries.xml)
>>
>> should basically get you this kind of information, but as I've
>> understood querying it from outside the MS Access environment (web
>> browser, ODBC connection) should result in:
>>
>> .....id=1 AND EXISTS(SELECT * FROM MSysObjects)
>>
>> Warning: odbc_exec() [function.odbc-exec]: SQL error: [Microsoft][ODBC
>> Microsoft Access Driver] Record(s) cannot be read; no read permission
>> on 'MSysObjects'., SQL state 42000 in SQLExecDirect in ....php on line
>> 33
>> SQL error: [Microsoft][ODBC Microsoft Access Driver] Record(s) cannot
>> be read; no read permission on 'MSysObjects'.
>>
>> i haven't tested this against ASP environment, though.
>>
>> On Fri, Nov 5, 2010 at 7:17 PM, Carlos Gabriel Vergara
>> <car...@gm...> wrote:
>>> I was working with access some time ago, and now that you mention, i
>>> was working on getting metadata for the db. As far as i know, there
>>> are some "system tables", equivalent to sysobjects (mssql) or
>>> information_schema (mysql). Take a look at this article:
>>>
>>> http://www.datanumen.com/aar/articles/system-object.htm
>>>
>>> If i can find my test scripts, i will attach some to the list.
>>>
>>> Best regards,
>>>
>>>
>>> 2010/11/4 Miroslav Stampar <mir...@gm...>:
>>>> hi Ulises.
>>>>
>>>> i am glad to see that someone has started using sqlmap against Access
>>>> databases :)
>>>>
>>>> we've done necessary patches to prevent sqlmap crash in this kind of
>>>> situations, but still, we don't have implemented dumping of tables for
>>>> MS Access (due to non existent way for column enumeration - if someone
>>>> has some idea non-brute force related, please say and we'll try to
>>>> implement it). also, support for this DBMS is still in (early)
>>>> development phase and we hope that we'll finish it in some reasonable
>>>> time.
>>>>
>>>> kr
>>>>
>>>> On Thu, Nov 4, 2010 at 8:05 PM, Ulises2k <uli...@gm...> wrote:
>>>>>
>>>>> [15:30:49] [INFO] using '/root/sqlmap-dev/output/xxxx/session' as session file
>>>>> [15:30:49] [INFO] resuming injection point 'GET' from session file
>>>>> [15:30:49] [INFO] resuming injection parameter 'Id' from session file
>>>>> [15:30:49] [INFO] resuming injection type 'numeric' from session file
>>>>> [15:30:49] [INFO] resuming match ratio '0.9' from session file
>>>>> [15:30:49] [INFO] resuming 0 number of parenthesis from session file
>>>>> [15:30:49] [INFO] resuming back-end DBMS 'microsoft access' from session file
>>>>> [15:30:49] [INFO] testing connection to the target url
>>>>> [15:30:50] [INFO] testing for parenthesis on injectable parameter
>>>>> [15:30:50] [INFO] the back-end DBMS is Microsoft Access
>>>>> web server operating system: Windows 2008
>>>>> web application technology: ASP.NET, Microsoft IIS 7.5, ASP
>>>>> back-end DBMS: Microsoft Access
>>>>> [15:30:50] [ERROR] cannot retrieve table names, back-end DBMS is Access
>>>>> do you want to use common table existance check? [Y/n/q]Y
>>>>> [15:30:52] [INFO] checking tables existence using items from '/root/sqlmap-dev/txt/common-tables.txt'
>>>>> [15:32:06] [INFO] retrieved:
>>>>> notas
>>>>> [15:57:55] [INFO] tried: 1780/1780 items (100%)
>>>>>
>>>>> [15:57:55] [CRITICAL] unhandled exception in sqlmap/0.9-dev, retry your run
>>>>> with the latest development version from the Subversion repository. If the
>>>>> exception persists, please send by e-mail to
>>>>> sql...@li... the command line, the following text and
>>>>> any information needed to reproduce the bug. The developers will try to
>>>>> reproduce the bug, fix it accordingly and get back to you.
>>>>> sqlmap version: 0.9-dev (r2265)
>>>>> Python version: 2.5.2
>>>>> Operating system: posix
>>>>> Traceback (most recent call last):
>>>>>   File "./sqlmap.py", line 79, in main
>>>>>     start()
>>>>>   File "/root/sqlmap-dev/lib/controller/controller.py", line 298, in start
>>>>>     action()
>>>>>   File "/root/sqlmap-dev/lib/controller/action.py", line 117, in action
>>>>>     conf.dbmsHandler.dumpAll()
>>>>>   File "/root/sqlmap-dev/plugins/generic/enumeration.py", line 1263, in dumpAll
>>>>>     for db, tables in kb.data.cachedTables.items():
>>>>> AttributeError: 'list' object has no attribute 'items'
>>>>>
>>>>> _______________________________________________
>>>>> sqlmap-users mailing list
>>>>> sql...@li...
>>>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>>>
>>>> --
>>>> Miroslav Stampar
>>>>
>>>> E-mail / Jabber: miroslav.stampar (at) gmail.com
>>>> Mobile: +385921010204 (HR 0921010204)
>>>> PGP Key ID: 0xB5397B1B
>>>> Location: Zagreb, Croatia
>>>
>>> --
>>> --------8<--------
>>> Carlos Gabriel Vergara
>>> http://www.ThorSecurity.com.ar
>>>
>>> PGP: http://www.ThorSecurity.com.ar/gabrielvergara.pgp
>>> -------->8--------
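
Added example, not part of the original thread and not sqlmap code: a log-review sketch for the probing discussed above, flagging clients whose requests embed EXISTS(SELECT ... FROM <table>) against several table names (the common table existence check) or against Access system tables such as MSysObjects. The log layout, IP addresses, the threshold and every table name except notas and MSysObjects are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed sample log (client IP, method, URI); not taken from the thread.
SAMPLE_LOG = """\
198.51.100.4 GET /item.asp?Id=5
203.0.113.7 GET /item.asp?Id=1%20AND%20EXISTS(SELECT%20*%20FROM%20users)
203.0.113.7 GET /item.asp?Id=1%20AND%20EXISTS(SELECT%20*%20FROM%20clientes)
203.0.113.7 GET /item.asp?Id=1+AND+EXISTS(SELECT+1+FROM+notas)
203.0.113.7 GET /item.asp?Id=1%20AND%20EXISTS(SELECT%20*%20FROM%20MSysObjects)
192.0.2.10 GET /item.asp?Id=2%20AND%20EXISTS(SELECT%20*%20FROM%20users)
"""

# Table name that follows EXISTS(SELECT ... FROM, optionally in [brackets].
PROBE = re.compile(
    r"EXISTS\s*\(\s*SELECT\s+.+?\s+FROM\s+\[?([A-Za-z_][\w$]*)\]?", re.I)


def find_table_probes(log_text, min_tables=3):
    """Map each flagged client IP to the table names it probed.

    A client is flagged when it probed at least min_tables distinct
    tables, or any Access system table (name starting with "MSys").
    """
    seen = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split(None, 2)
        if len(parts) != 3:
            continue  # not in the assumed "ip method uri" layout
        ip, _method, uri = parts
        # Decode %20 and + so the SQL keywords are separated by spaces.
        for match in PROBE.finditer(unquote_plus(uri)):
            seen[ip].add(match.group(1).lower())

    report = {}
    for ip, tables in seen.items():
        system = any(name.startswith("msys") for name in tables)
        if system or len(tables) >= min_tables:
            report[ip] = {"tables": sorted(tables), "system_table": system}
    return report


if __name__ == "__main__":
    for ip, info in find_table_probes(SAMPLE_LOG).items():
        print(ip, info)
```
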