Web Application Disassembly with ODBC Error Messages
By Juleanus Spetember
CTO Hellringer Enterprises
Introduction
This document describes how to subvert the security of a Microsoft Internet Information Web Server that feeds into a SQL database. The document assumes that the web application uses Active Server Pages technology with Active Data Objects (ADO), though the same techniques can be used with other technologies. The techniques discussed here can be used to disassemble the SQL database's structure, bypass login pages, and retrieve and modify data. This assumes that attackers can run arbitrary SQL queries, which unfortunately is all too common because of a lack of understanding, or even complete ignorance, of this problem and of the corresponding coding techniques in an ASP page. For example, consider the following ASP code from a login page:
<%@ LANGUAGE="VBSCRIPT" %>
<%
Dim oCONv, oRSu
Set oCONv = Server.CreateObject("ADODB.Connection")
oCONv.Open "DRIVER={SQL......
