Jump to content


Important notice to Free Members

Astalavista Goes Premium! Astalavista is making another step into the future. From now on it is offering the services on Astalavista.com to Premium Members only. Please check out our special offers and become part of the Astalavista Experience now!

Submitter

File Information

  • Submitted: Sep 02 2010 10:35
  • Last Updated: Sep 02 2010 10:35
  • File Size: 40K
  • Views: 26
  • Downloads: 1
  • OS: Not Applicable
  • Language: English

Download Web Application Disassembly with ODBC Error Messages

- - - - -



This document describes how to subvert the security of a Microsoft Internet Information Web Server that feeds into a SQL database. The document assumes that the web application uses Active Server Pages technology with Active Data Objects (ADO), though the same techniques can be used with other technologies. The techniques discussed here can be used to disassemble the SQL database's structure, by-pass login pages, and retrieve and modify data. This does assume that attackers can run arbitrary SQL queries, which unfortunately is all too common due to a lack of understanding, or even a complete ignorance of this problem and subsequent coding techniques in an ASP page.






  • 18,950 Total Files
  • 88 Total Categories
  • 48 Total Authors
  • 346,456 Total Downloads
  • Packet Fence 3.0.3 Latest File
  • Crow Latest Submitter
  1. IT News & Security community - Astalavista
  2. Downloads
  3. Articles & eBooks
  4. Programming
  5. Web Application Disassembly with ODBC Error Messages
  6. ASTALAVISTA Rules/Guidelines