HellBound Hackers
Join us at IRC!
Your life is ending one minute at a time. If you were to die tomorrow, what would you do today?
Thursday, May 24, 2012
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
HellBoundHackers Additional:
Shop
Learn
Communicate
Submit
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Interact
Other
HellBoundHackers Executive:
HellBoundHackers Leisure:
Members Online
Total Online: 29
Web Spiders: 13
Guests Online: 27
Members Online: 2
subnick, prankst3r

Registered Members: 70201
Newest Member: subnick
Latest Articles
View Thread

HellBound Hackers | Events | Root This Box
Author

Microsoft Access SQL Injection
stealth-
Member



Posts: 998
Location: Eh?
Joined: 10.04.09
Rank: God
Posted on 04-07-11 02:44
Alright, so I'm pentesting this box running Windows Server 2003 with Microsoft Access as the backend database. It interfaces with this DB via the ColdFusion that the app is programmed with (.cfm). The debug error messages print out not just the SQL query, but with the surrounding CFM code as well as a stack trace, and there are SQL injections riddled all throughout the site.

I've never played with MS Access, but I figured this would be ridiculously simple. I quickly figured out that it doesn't allow SQL code to be executed after the end of a statement ";", which took out a lot of exploits. So I decided to poke around some more, possibly map out the tables/db's, however almost all of the techniques I knew failed with strange Syntax errors I wasn't familiar with. Various attempts at researching possible techniques for MS Access resulted in the server acting far differently than I was expecting.

I looked into this for a solid 3 hours before deciding to try and see if I could find assistance with various DB-exploit programs. I pulled out Sqlmap, and it successfully registered the exploit as a valid injection. But as soon as I try to pass any flags for pulling information to Sqlmap, I get various forms of "This doesn't work with Microsoft Access". The only thing I can get SQLmap to do without crashing is return the database fingerprint, which I obviously already knew. I'm thinking this isn't limitations of the program, but that these techniques just don't work on MS Access.

Anyone have any ideas for how I can progress this exploit? The coder obviously didn't account for SQL Injection, but I'm thinking there isn't anything I can really do here. If anyone has any material to read/techniques to try, I'd be grateful.

Thanks guys

The irony of man's condition is that the deepest need is to be free of the anxiety of death and annihilation; but it is life itself which awakens it, and so we must shrink from being fully alive.
http://www.stealth-x.com
http://www.stealth-x.com
Guest
Username

Password

Remember Me


Bookmark This Page
Affiliates
Adverts

 

 

Links

Anime Wallpaper Site
By using, viewing or obtaining any information contained on this site, you agree to the disclaimer.

© HellBound Hackers 2008- 2009. Since 3rd December 2004.

20610554 Unique Visits

Powered by HBH-Fusion