Enumerating MS Access DB

reparto
Fame ! Where are the chicks?!
Posts: 288
Joined: 27 May 2013, 11:30

Enumerating MS Access DB

Post by reparto »

Found an injection vulnerability, but the site is using Access and there doesn't seem to be anything like the schema tables in MySQL. Is there any way to enumerate the tables other than brute force?
Selling invisible pets:
Dogs - 0.5 Bitcoins
Cats - 0.7 Bitcoins
Unicorns - 10 Bitcoins
Chimpanzee - 2 Bitcoins

PM me if you are interested, will ship via priority airmail, will accept escrow services

ayu
Staff
Posts: 8109
Joined: 27 Aug 2005, 16:00

Re: Enumerating MS Access DB

Post by ayu »

Well, normally you have to brute force it, but I found this that could work:

SELECT NAME FROM MSysObjects
WHERE TYPE = 1
AND NAME NOT LIKE 'MSYS*'
ORDER BY NAME;

http://nm1m.blogspot.se/2005/06/ms-access-list-table-names.html
"The best place to hide a tree, is in a forest"

Re: Enumerating MS Access DB

Post by reparto »

Nice one!
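
On the defending side, a request whose parameters name an Access system table such as the one in the query posted above is a strong signal to alert on. The following is an added example, not part of the thread: a small log check that URL-decodes query strings (including double encoding) and flags those names. The log format, the sample lines and the function names are constructed for illustration, and the table list is limited to a few well-known Access system tables.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Well-known Access system tables; MSysObjects is the one that lists table names.
SYSTEM_TABLES = ("MSysObjects", "MSysACEs", "MSysQueries", "MSysRelationships")
MSYS_RE = re.compile(r"\b(" + "|".join(SYSTEM_TABLES) + r")\b", re.IGNORECASE)

def fully_decode(value, max_rounds=3):
    """URL-decode repeatedly so double-encoded input is normalised before matching."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def flag_requests(log_lines):
    """Return (line_number, table_name) for requests whose query string names a system table.

    Assumed (constructed) log format: METHOD, request URI, status, separated by spaces.
    """
    hits = []
    for number, line in enumerate(log_lines, 1):
        fields = line.split()
        if len(fields) < 2:
            continue  # not a request line in the assumed format
        query = urlsplit(fields[1]).query
        match = MSYS_RE.search(fully_decode(query))
        if match:
            hits.append((number, match.group(1)))
    return hits

# Constructed sample log: a normal request, the thread's query passed as a
# parameter value, the same idea double-encoded, and a benign look-alike word.
SAMPLE_LOG = [
    "GET /item.asp?id=42 200",
    "GET /item.asp?id=SELECT+NAME+FROM+MSysObjects+WHERE+TYPE+%3D+1 500",
    "GET /item.asp?id=SELECT%2520NAME%2520FROM%2520%254DSysObjects 500",
    "GET /search.asp?q=msystem+requirements 200",
]

if __name__ == "__main__":
    for number, table in flag_requests(SAMPLE_LOG):
        print(f"line {number}: request references {table}")
```

A hit here should be correlated with the response status and with the application's own database error logs. The durable fix is parameterized queries in the application.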