Hi all,

Miroslav posted some news about an ongoing SQLi ModSecurity challenge. I
was curious and had a quick look at it. One of the vulnerable
applications has an MS Access DB and is vulnerable to UNION-based injection.

Unfortunately, UNION-based tests against MS Access will always fail with
sqlmap, because for UNION-based injections the defined comment string
(queries.xml) is not respected. Access needs %00 as the comment string, and
even this does not work in many cases.

One quick fix would be to add special Access UNION test definitions to
payload.xml, as has been done for MySQL.

Another problem is the defined SELECT_FROM for the MS Access DBMS: it's
MSysObjects. In the ModSecurity challenge this system table has no read
permissions, hence any UNION test must fail. But the system table
MSysAccessXML has read permissions in this specific case.

Does anyone know which of the two tables is more likely to have read
access in the wild? Does it make sense to change SELECT_FROM? Is
MSysAccessXML present in older MS Access versions?

Hope some Access expert may help.

-marek

_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
