Thread: [sqlmap-users] SQL MS-Access report bug
From: Ulises2k <uli...@gm...> - 2010-11-04 19:06:07

[15:30:49] [INFO] using '/root/sqlmap-dev/output/xxxx/session' as session file
[15:30:49] [INFO] resuming injection point 'GET' from session file
[15:30:49] [INFO] resuming injection parameter 'Id' from session file
[15:30:49] [INFO] resuming injection type 'numeric' from session file
[15:30:49] [INFO] resuming match ratio '0.9' from session file
[15:30:49] [INFO] resuming 0 number of parenthesis from session file
[15:30:49] [INFO] resuming back-end DBMS 'microsoft access' from session file
[15:30:49] [INFO] testing connection to the target url
[15:30:50] [INFO] testing for parenthesis on injectable parameter
[15:30:50] [INFO] the back-end DBMS is Microsoft Access
web server operating system: Windows 2008
web application technology: ASP.NET, Microsoft IIS 7.5, ASP
back-end DBMS: Microsoft Access
[15:30:50] [ERROR] cannot retrieve table names, back-end DBMS is Access
do you want to use common table existance check? [Y/n/q]Y
[15:30:52] [INFO] checking tables existence using items from '/root/sqlmap-dev/txt/common-tables.txt'
[15:32:06] [INFO] retrieved: notas
[15:57:55] [INFO] tried: 1780/1780 items (100%)

[15:57:55] [CRITICAL] unhandled exception in sqlmap/0.9-dev, retry your run with the latest development version from the Subversion repository. If the exception persists, please send by e-mail to sql...@li... the command line, the following text and any information needed to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
sqlmap version: 0.9-dev (r2265)
Python version: 2.5.2
Operating system: posix
Traceback (most recent call last):
  File "./sqlmap.py", line 79, in main
    start()
  File "/root/sqlmap-dev/lib/controller/controller.py", line 298, in start
    action()
  File "/root/sqlmap-dev/lib/controller/action.py", line 117, in action
    conf.dbmsHandler.dumpAll()
  File "/root/sqlmap-dev/plugins/generic/enumeration.py", line 1263, in dumpAll
    for db, tables in kb.data.cachedTables.items():
AttributeError: 'list' object has no attribute 'items'

From: Miroslav S. <mir...@gm...> - 2010-11-04 21:51:24

hi Ulises.

i am glad to see that someone has started using sqlmap against Access databases :)

we've done necessary patches to prevent sqlmap crash in this kind of situations, but still, we don't have implemented dumping of tables for MS Access (due to non-existent way for column enumeration - if someone has some idea non-brute force related, please say and we'll try to implement it). also, support for this DBMS is still in (early) development phase and we hope that we'll finish it in some reasonable time.

kr

--
Miroslav Stampar

E-mail / Jabber: miroslav.stampar (at) gmail.com
Mobile: +385921010204 (HR 0921010204)
PGP Key ID: 0xB5397B1B
Location: Zagreb, Croatia

From: Carlos G. V. <car...@gm...> - 2010-11-05 18:17:33

I was working with Access some time ago, and now that you mention it, I was working on getting metadata for the db. As far as I know, there are some "system tables", equivalent to sysobjects (mssql) or information_schema (mysql). Take a look at this article:

http://www.datanumen.com/aar/articles/system-object.htm

If I can find my test scripts, I will attach some to the list.

Best regards,

--
--------8<--------
Carlos Gabriel Vergara
http://www.ThorSecurity.com.ar

PGP: http://www.ThorSecurity.com.ar/gabrielvergara.pgp
-------->8--------

From: Miroslav S. <mir...@gm...> - 2010-11-06 00:47:49

well,

SELECT Name FROM MSysObjects WHERE Type = 1

(we already have it in ./xml/queries.xml)

should basically get you this kind of information, but as I've understood querying it from outside the MS Access environment (web browser, ODBC connection) should result in:

.....id=1 AND EXISTS(SELECT * FROM MSysObjects)

Warning: odbc_exec() [function.odbc-exec]: SQL error: [Microsoft][ODBC Microsoft Access Driver] Record(s) cannot be read; no read permission on 'MSysObjects'., SQL state 42000 in SQLExecDirect in ....php on line 33
SQL error: [Microsoft][ODBC Microsoft Access Driver] Record(s) cannot be read; no read permission on 'MSysObjects'.

i haven't tested this against ASP environment, though.

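Added example (not part of the original thread and not sqlmap code): a defender-side log check for the two signals this thread describes, namely EXISTS(SELECT ... FROM <table>) existence probes in request query strings (including probes of MSysObjects) and the "no read permission" ODBC error. The common log format, the page name item.asp, the threshold and all sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed sample data (not taken from the thread). Addresses come from the
# RFC 5737 documentation ranges; the page name item.asp is hypothetical.
SAMPLE_ACCESS_LOG = """
192.0.2.10 - - [04/Nov/2010:15:30:49 +0000] "GET /item.asp?Id=1 HTTP/1.1" 200 512
198.51.100.7 - - [04/Nov/2010:15:30:52 +0000] "GET /item.asp?Id=1%20AND%20EXISTS(SELECT%20*%20FROM%20users) HTTP/1.1" 500 0
198.51.100.7 - - [04/Nov/2010:15:30:53 +0000] "GET /item.asp?Id=1%20AND%20EXISTS(SELECT%20*%20FROM%20notas) HTTP/1.1" 200 512
198.51.100.7 - - [04/Nov/2010:15:30:54 +0000] "GET /item.asp?Id=1%20AND%20EXISTS(SELECT%20*%20FROM%20customers) HTTP/1.1" 500 0
198.51.100.7 - - [04/Nov/2010:15:30:55 +0000] "GET /item.asp?Id=1%20AND%20EXISTS(SELECT%20*%20FROM%20orders) HTTP/1.1" 500 0
198.51.100.7 - - [04/Nov/2010:15:30:56 +0000] "GET /item.asp?Id=1%20AND%20EXISTS(SELECT%20*%20FROM%20admin) HTTP/1.1" 500 0
203.0.113.5 - - [04/Nov/2010:15:31:10 +0000] "GET /item.asp?Id=1+AND+EXISTS(SELECT+*+FROM+MSysObjects) HTTP/1.1" 500 0
203.0.113.5 - - [04/Nov/2010:15:31:11 +0000] "GET /item.asp?Id=1%2520AND%2520EXISTS(SELECT%2520*%2520FROM%2520MSysObjects) HTTP/1.1" 500 0
""".strip().splitlines()

# Constructed application error log; the first line is modelled on the ODBC
# error text quoted in the thread.
SAMPLE_ERROR_LOG = """
[04/Nov/2010 15:31:10] SQL error: [Microsoft][ODBC Microsoft Access Driver] Record(s) cannot be read; no read permission on 'MSysObjects'., SQL state 42000 in SQLExecDirect
[04/Nov/2010 15:31:12] page rendered in 12 ms
""".strip().splitlines()

# Assumption: access log in common log format.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*"')
# EXISTS(SELECT <anything> FROM <table>), tolerant of case, spacing and [brackets].
PROBE_RE = re.compile(
    r"EXISTS\s*\(\s*SELECT\b.*?\bFROM\s+\[?(?P<table>[A-Za-z_][\w$]*)\]?",
    re.IGNORECASE | re.DOTALL,
)
DENIED_RE = re.compile(r"no read permission on '(?P<obj>[^']+)'", re.IGNORECASE)


def fully_decode(value, rounds=3):
    """URL-decode repeatedly so double-encoded probes are still recognised."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def analyse_access_log(lines, distinct_threshold=5):
    """Return {client ip: finding} for clients sending table-existence probes.

    Flags a client when it probes an Access system table (name starts with
    'MSys') or when it probes at least `distinct_threshold` different tables,
    which is what a common-table wordlist check looks like in the log.
    """
    probed = defaultdict(set)
    for line in lines:
        entry = LOG_RE.match(line)
        if not entry:
            continue
        query = fully_decode(entry.group("target").partition("?")[2])
        for hit in PROBE_RE.finditer(query):
            probed[entry.group("ip")].add(hit.group("table").lower())

    findings = {}
    for ip, tables in probed.items():
        system = sorted(t for t in tables if t.startswith("msys"))
        flags = []
        if system:
            flags.append("system-table-probe")
        if len(tables) >= distinct_threshold:
            flags.append("table-name-guessing")
        if flags:
            findings[ip] = {
                "flags": flags,
                "system_tables": system,
                "distinct_tables": len(tables),
            }
    return findings


def denied_objects(error_lines):
    """Count Jet/ODBC 'no read permission' denials per object name."""
    counts = defaultdict(int)
    for line in error_lines:
        for hit in DENIED_RE.finditer(line):
            counts[hit.group("obj")] += 1
    return dict(counts)


if __name__ == "__main__":
    for ip, finding in sorted(analyse_access_log(SAMPLE_ACCESS_LOG).items()):
        print(ip, finding)
    print(denied_objects(SAMPLE_ERROR_LOG))
```

A denial counted by denied_objects means the system table was requested and the default permissions held; the distinct-table threshold is a tuning value, not a standard.
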
From: Miroslav S. <mir...@gm...> - 2010-11-06 00:54:43

according to http://forums.aspfree.com/microsoft-sql-server-14/what-prevents-me-from-reading-the-msysobjects-tbl-17321.html user needs to explicitly add permissions for querying of system tables (to all). as I am not fully aware how much people do this, I am left pretty undecided :)

From: Carlos G. V. <car...@gm...> - 2010-11-09 14:06:16

"The law of the default"

If you must explicitly set the permissions, then it will be difficult to find this kind of info. But if we are lucky and find a "lazy-non-standard" programming, this could be a nice security breach.

I will read a little further... if something is found, will share it.

Best regards,

From: Miroslav S. <mir...@gm...> - 2010-11-09 14:57:09

just a quick report. i've collected "common columns" couple of days ago (./txt/common-columns.txt) so "brute force get column names" will be available in a few.

kr
From: Miroslav S. <mir...@gm...> - 2010-11-11 17:12:29
|
hi.

now you can use --columns (same effect as with --common-columns) with
ms access too. it will use --common-columns switch which does a brute
force check for existence of common columns in a given table (-T).
this also applies to MySQL without schema.

kr

p.s. dumping of tables is next on a list ;). i only hope that there
won't be any big issues.

On Tue, Nov 9, 2010 at 3:57 PM, Miroslav Stampar <mir...@gm...> wrote:
> just a quick report. i've collected "common columns" couple of days
> ago (./txt/common-columns.txt) so "brute force get column names" will
> be available in a few.
>
> kr

--
Miroslav Stampar

E-mail / Jabber: miroslav.stampar (at) gmail.com
Mobile: +385921010204 (HR 0921010204)
PGP Key ID: 0xB5397B1B
Location: Zagreb, Croatia
|
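Seen from the server side, the brute-force existence checks discussed in this thread show up as many near-identical requests that differ only in the guessed name, plus the occasional MSysObjects probe. The detector below is an added example, not part of the original posts and not sqlmap code; the simplified log format, the sample lines, the function name and the assumption that probes have the EXISTS(SELECT ... FROM <name>) shape quoted in the thread are all constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed sample lines in a simplified "client-ip url" format (not a real log).
SAMPLE_LOG = """\
10.0.0.5 /news.asp?Id=1
10.0.0.9 /news.asp?Id=1+AND+EXISTS(SELECT+*+FROM+users)
10.0.0.9 /news.asp?Id=1+AND+EXISTS(SELECT+*+FROM+notas)
10.0.0.9 /news.asp?Id=1+AND+EXISTS(SELECT+*+FROM+admin)
10.0.0.9 /news.asp?Id=1%20AND%20EXISTS(SELECT%20titulo%20FROM%20notas)
10.0.0.7 /news.asp?Id=1+AND+EXISTS(SELECT+*+FROM+MSysObjects)
10.0.0.5 /search.asp?q=exists+in+stock
"""

# Assumption: probes have the EXISTS(SELECT ... FROM <name>) shape quoted in the
# thread; a real tool's payloads may differ and need their own patterns.
PROBE = re.compile(r"EXISTS\s*\(\s*SELECT\s+(.+?)\s+FROM\s+\[?(\w+)\]?", re.I)


def find_existence_probes(log_text, threshold=3):
    """Flag clients that guess many names or touch the MSysObjects system table."""
    probes = defaultdict(set)
    for line in log_text.splitlines():
        client, _, url = line.partition(" ")
        # Decode '+' and %xx first so encoded and plain probes compare equal.
        match = PROBE.search(unquote_plus(url))
        if match:
            probes[client].add((match.group(1).lower(), match.group(2).lower()))
    report = {}
    for client, seen in probes.items():
        tables = sorted({table for _, table in seen})
        system_probe = "msysobjects" in tables
        # One MSysObjects probe is enough; otherwise require several distinct guesses.
        if system_probe or len(seen) >= threshold:
            report[client] = {
                "distinct_probes": len(seen),
                "tables": tables,
                "system_table_probe": system_probe,
            }
    return report


if __name__ == "__main__":
    for client, info in find_existence_probes(SAMPLE_LOG).items():
        print(client, info)
```

In production the threshold and time window would be tuned to the application's normal traffic, and the same counting can run over real IIS W3C fields instead of the simplified lines used here.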