Re: [sqlmap-users] SQL MS-Access report bug
From: Miroslav S. <mir...@gm...> - 2010-11-11 17:12:29
hi.

now you can use --columns (same effect as with --common-columns) with ms access too. it will use --common-columns switch which does a brute force check for existence of common columns in a given table (-T). this also applies to MySQL without schema.

kr

p.s. dumping of tables is next on a list ;). i only hope that there won't be any big issues.

On Tue, Nov 9, 2010 at 3:57 PM, Miroslav Stampar <mir...@gm...> wrote:
> just a quick report. i've collected "common columns" couple of days
> ago (./txt/common-columns.txt) so "brute force get column names" will
> be available in a few.
>
> kr
>
> On Tue, Nov 9, 2010 at 3:06 PM, Carlos Gabriel Vergara
> <car...@gm...> wrote:
>> "The law of the default"
>>
>> If you must explicitly set the permissions, then will be difficult to
>> find this kind of info. But if we are lucky and found a
>> "lazy-non-standard" programming, this could be a nice security breach.
>>
>> I will read a little further... if something is found, will share it.
>>
>> Best regards,
>>
>>
>> 2010/11/5 Miroslav Stampar <mir...@gm...>:
>>> well,
>>>
>>> SELECT Name FROM MSysObjects WHERE Type = 1
>>>
>>> (we already have it in ./xml/queries.xml)
>>>
>>> should basically get you this kind of information, but as I've
>>> understood querying it from outside the MS Access environment (web
>>> browser, ODBC connection) should result in:
>>>
>>> .....id=1 AND EXISTS(SELECT * FROM MSysObjects)
>>>
>>> Warning: odbc_exec() [function.odbc-exec]: SQL error: [Microsoft][ODBC
>>> Microsoft Access Driver] Record(s) cannot be read; no read permission
>>> on 'MSysObjects'., SQL state 42000 in SQLExecDirect in ....php on line
>>> 33
>>> SQL error: [Microsoft][ODBC Microsoft Access Driver] Record(s) cannot
>>> be read; no read permission on 'MSysObjects'.
>>>
>>> i haven't tested this against ASP environment, though.
>>>
>>> On Fri, Nov 5, 2010 at 7:17 PM, Carlos Gabriel Vergara
>>> <car...@gm...> wrote:
>>>> I was working with access some time ago, and now that you mention, i
>>>> was working on getting metadata for the db. As far as i know, there
>>>> are some "system tables", equivalent to sysobjects (mssql) or
>>>> information_schema (mysql). Take a look at this article:
>>>>
>>>> http://www.datanumen.com/aar/articles/system-object.htm
>>>>
>>>> If i can find my test scripts, i will attach some to the list.
>>>>
>>>> Best regards,
>>>>
>>>>
>>>> 2010/11/4 Miroslav Stampar <mir...@gm...>:
>>>>> hi Ulises.
>>>>>
>>>>> i am glad to see that someone has started using sqlmap against Access
>>>>> databases :)
>>>>>
>>>>> we've done necessary patches to prevent sqlmap crash in this kind of
>>>>> situations, but still, we don't have implemented dumping of tables for
>>>>> MS Access (due to non existent way for column enumeration - if someone
>>>>> has some idea non-brute force related, please say and we'll try to
>>>>> implement it). also, support for this DBMS is still in (early)
>>>>> development phase and we hope that we'll finish it in some reasonable
>>>>> time.
>>>>>
>>>>> kr
>>>>>
>>>>> On Thu, Nov 4, 2010 at 8:05 PM, Ulises2k <uli...@gm...> wrote:
>>>>>>
>>>>>> [15:30:49] [INFO] using '/root/sqlmap-dev/output/xxxx/session' as session
>>>>>> file
>>>>>> [15:30:49] [INFO] resuming injection point 'GET' from session file
>>>>>> [15:30:49] [INFO] resuming injection parameter 'Id' from session file
>>>>>> [15:30:49] [INFO] resuming injection type 'numeric' from session file
>>>>>> [15:30:49] [INFO] resuming match ratio '0.9' from session file
>>>>>> [15:30:49] [INFO] resuming 0 number of parenthesis from session file
>>>>>> [15:30:49] [INFO] resuming back-end DBMS 'microsoft access' from session
>>>>>> file
>>>>>> [15:30:49] [INFO] testing connection to the target url
>>>>>> [15:30:50] [INFO] testing for parenthesis on injectable parameter
>>>>>> [15:30:50] [INFO] the back-end DBMS is Microsoft Access
>>>>>> web server operating system: Windows 2008
>>>>>> web application technology: ASP.NET, Microsoft IIS 7.5, ASP
>>>>>> back-end DBMS: Microsoft Access
>>>>>> [15:30:50] [ERROR] cannot retrieve table names, back-end DBMS is Access
>>>>>> do you want to use common table existance check? [Y/n/q]Y
>>>>>> [15:30:52] [INFO] checking tables existence using items from
>>>>>> '/root/sqlmap-dev/txt/common-tables.txt'
>>>>>> [15:32:06] [INFO] retrieved:
>>>>>> notas
>>>>>> [15:57:55] [INFO] tried: 1780/1780 items (100%)
>>>>>>
>>>>>> [15:57:55] [CRITICAL] unhandled exception in sqlmap/0.9-dev, retry your run
>>>>>> with the latest development version from the Subversion repository. If the
>>>>>> exception persists, please send by e-mail to
>>>>>> sql...@li... the command line, the following text and
>>>>>> any information needed to reproduce the bug. The developers will try to
>>>>>> reproduce the bug, fix it accordingly and get back to you.
>>>>>> sqlmap version: 0.9-dev (r2265)
>>>>>> Python version: 2.5.2
>>>>>> Operating system: posix
>>>>>> Traceback (most recent call last):
>>>>>> File "./sqlmap.py", line 79, in main
>>>>>> start()
>>>>>> File "/root/sqlmap-dev/lib/controller/controller.py", line 298, in start
>>>>>> action()
>>>>>> File "/root/sqlmap-dev/lib/controller/action.py", line 117, in action
>>>>>> conf.dbmsHandler.dumpAll()
>>>>>> File "/root/sqlmap-dev/plugins/generic/enumeration.py", line 1263, in
>>>>>> dumpAll
>>>>>> for db, tables in kb.data.cachedTables.items():
>>>>>> AttributeError: 'list' object has no attribute 'items'
>>>>
>>>> --
>>>> --------8<--------
>>>> Carlos Gabriel Vergara
>>>> http://www.ThorSecurity.com.ar
>>>>
>>>> PGP: http://www.ThorSecurity.com.ar/gabrielvergara.pgp
>>>> -------->8--------

--
Miroslav Stampar

E-mail / Jabber: miroslav.stampar (at) gmail.com
Mobile: +385921010204 (HR 0921010204)
PGP Key ID: 0xB5397B1B
Location: Zagreb, Croatia
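
Seen from the defender's side, the common-table and common-column existence checks discussed in this thread appear in web-server logs as one client sending many `EXISTS(SELECT ... FROM <name>)` probes with changing names. The following is an added example, not code from the thread or from sqlmap, that flags this pattern; the log layout, addresses, URLs, function names and threshold are assumptions made for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed sample log (client, request line, status); not taken from the thread.
SAMPLE_LOG = """\
198.51.100.7 "GET /item.asp?Id=1 HTTP/1.1" 200
203.0.113.9 "GET /item.asp?Id=1%20AND%20EXISTS(SELECT%20*%20FROM%20users) HTTP/1.1" 500
203.0.113.9 "GET /item.asp?Id=1%20AND%20EXISTS(SELECT%20*%20FROM%20notas) HTTP/1.1" 200
203.0.113.9 "GET /item.asp?Id=1%20AND%20EXISTS(SELECT%20*%20FROM%20customers) HTTP/1.1" 500
203.0.113.9 "GET /item.asp?Id=1+AND+EXISTS(SELECT+*+FROM+MSysObjects) HTTP/1.1" 500
198.51.100.7 "GET /search.asp?q=exists HTTP/1.1" 200
"""

# Assumed log layout: <client> "<method> <target> HTTP/x.y" <status>
LINE = re.compile(r'^(\S+) "(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})$')
# EXISTS(SELECT ... FROM <name>) in the URL-decoded request target.
PROBE = re.compile(r"EXISTS\s*\(\s*SELECT\s+.+?\s+FROM\s+\[?(\w+)", re.I)


def parse_probes(log_text):
    """Yield (client, probed_name, status) for every existence probe found."""
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip lines that do not follow the assumed layout
        client, target, status = m.groups()
        for name in PROBE.findall(unquote_plus(target)):
            yield client, name.lower(), int(status)


def flag_enumeration(log_text, min_distinct=3):
    """Return {client: sorted probed names} for clients probing many names."""
    seen = defaultdict(set)
    for client, name, _status in parse_probes(log_text):
        seen[client].add(name)
    return {c: sorted(n) for c, n in seen.items() if len(n) >= min_distinct}


def system_table_probes(log_text):
    """Clients that tried to read Access system tables such as MSysObjects."""
    return sorted({c for c, n, _ in parse_probes(log_text) if n.startswith("msys")})


if __name__ == "__main__":
    print(flag_enumeration(SAMPLE_LOG))
    print(system_table_probes(SAMPLE_LOG))
```
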