Hi,
I was referring to the idea exposed in the Advanced SQL Injection
paper by Chris Anley:

    declare @pwd nvarchar(4000), @char_set nvarchar(4000)
    declare @pwd_len int, @i int, @c char
    select @char_set = N'abcdefghijklmnopqrstuvwxyz0123456789!_'
    select @pwd_len = 8
    select @username = 'sa'
    while @i < @pwd_len begin
    -- make pwd
    (code deleted)
    -- try a login
    select @query = N'select * from OPENROWSET...

I have no idea about SQL Server scripting; could somebody send the
complete fixed script here (with no "code deleted" tags)? It is also
not at all clear to me how to insert such a big script through a SQL
injection line (is it really possible?). I'd be very grateful if you
could help me with this too. Please provide an example, if possible.
Regards,
--Roman
--
PGP Fingerprint:
09BB EFCD 21ED 4E79 25FB 29E1 E47F 8A7D EAD5 6742
[Key ID: 0xEAD56742. Available at KeyServ]