[Gary O'leary-Steele]

| I am doing a pen test against an IIS 5 web server. The web server
| requires a user name and password via a logon form. If a single
| quote character is entered (username) the following error is
| produced
|
| [Microsoft][ODBC SQL Server Driver][SQL Server]Unclosed quotation mark
| before the character string '' and password=''.
|
| I remember reading somewhere that this can be used to gain further
| access? But I can't find the info.

Try to guess a user name, for instance "john", and enter the
following in the user name field:

    john' --

Leave the password empty (or enter anything). The two dashes will
comment out the password test.

If the program fails to check that just a single record is returned,
you can try the following:

    ' or true --

You will then get logged in as the first user returned from the
database.

Sverre.

--
shhat_private
Play my free Nerd Quiz at
http://shh.thathost.com/
http://nerdquiz.thathost.com/
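Added example, not part of the original post or of the application under test: a login check built by string concatenation, as the error message above implies, beside a version that binds the input as a parameter and enforces the single-record check the reply mentions. The table layout, sample accounts and function names are constructed for illustration, and SQLite stands in for SQL Server so the block runs offline.

```python
import hmac
import sqlite3

def make_db():
    # Constructed sample table; column names mirror the error message in the post.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("admin", "s3cret-admin"), ("john", "s3cret-john")])
    return db

def login_vulnerable(db, username, password):
    # Form input is pasted into the SQL text, so a quote in the user name
    # ends the string literal and the rest is parsed as SQL.
    sql = ("SELECT username FROM users WHERE username='" + username +
           "' and password='" + password + "'")
    row = db.execute(sql).fetchone()      # takes the first row, whatever matched
    return row[0] if row else None

def login_hardened(db, username, password):
    # Placeholders keep the input as data; it never becomes part of the SQL text.
    rows = db.execute("SELECT username, password FROM users WHERE username = ?",
                      (username,)).fetchall()
    if len(rows) != 1:                    # exactly one record or no login
        return None
    name, stored = rows[0]
    # Constant-time comparison done in code, not in the WHERE clause.
    # A production system would store a salted password hash, not the password.
    if hmac.compare_digest(stored.encode(), password.encode()):
        return name
    return None

def demo():
    db = make_db()
    results = {}
    for user, pw in [("john", "s3cret-john"), ("john", "wrong"), ("john' --", "")]:
        results[(user, pw)] = (login_vulnerable(db, user, pw),
                               login_hardened(db, user, pw))
    return results

if __name__ == "__main__":
    for (user, pw), (weak, strong) in demo().items():
        print(f"{user!r:12} {pw!r:14} vulnerable={weak!r:7} hardened={strong!r}")
```

With the concatenated query the third input logs in as john without a password; with the bound parameter the same input is just a user name that matches no row.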
This archive was generated by hypermail 2b30 : Tue Nov 20 2001 - 11:42:34 PST