Re: [Dailydave] SQL Injection - Strange Result

From: Adriel Desautels (adrielnetragard.com)
Date: Thu Oct 18 2007 - 16:58:39 CDT


Daniel,
        Google is a good friend.

Discussion:

This problem occurs when working with the same MS SQL Server connection
as source and target of a module. This error appears in the Exceptions
tab of the Execution Viewer. The complete error message is:

S1000 [Microsoft][ODBC SQL Server Driver]Connection is busy with results
for another hstmt

This error is returned by the ODBC driver and not by SQL Server itself,
so DbError = 0.

Resolution:

This is due to the behaviour of the MS SQL Server connection. When a
transaction is opened and a table is currently being read in single
mode, no other task can be performed within this transaction.

To fix this, in the module change the select mode of the table (or the
dataset) to Packet(x).

Another way to avoid this error is to duplicate the connection and link
the source table (or the tables of the dataset) to that new connection.
This way, two different transactions are opened: one for reading, and
one for writing. If you want to read the same table you write, you have
to use the first solution.

Regards,
        Adriel T. Desautels
        Chief Technology Officer
        Netragard, LLC.
        Office : 617-934-0269
        Mobile : 617-633-3821
        http://www.linkedin.com/pub/1/118/a45

---------------------------------------------------------------
Netragard, LLC - http://www.netragard.com - "We make IT Safe"
Penetration Testing, Vulnerability Assessments, Website Security

H. Daniel Regalado Arias wrote:
> Hi Dave and Friends, I have a problem while making a PHP / MSSQL 2000 Web
> App Assessment. After many days and due to the lack of experience I am
> able to bypass single quotes using char() or "[]" when trying to execute
> a stored procedure, so, by now, I am able to inject code directly to the
> DataBase without being filtered, but after sending the next test:
>
> http://www.client.com/mod.php?id=1;begin%20declare%20q%20varchar(8000)select%20q%20=%200x73656c65637420404076657273696f6e%20exec(q)%20end;--
>
> or another stored procedure like:
>
> http://www.client.com/mod.php?id=1;exec%20sp_makewebtask%20%5Bc:\inetpub\wwwroot\sssssssss\index_olld.html%5D,%20%5Bselect%20*%20from%20TABLE%5D;--
>
> the application responds with something like:
> SQL error: [Microsoft][ODBC SQL Server Driver]Connection is busy with
> results for another hstmt, SQL state S1000 in SQLExecDirect in
> *C:\D\Inetpub\wwwroot\sssssssssss*
>
> I think it's because of the first query (the one that belongs to the id=1
> parameter, even though 1 results in 0 rows).
> I have read a lot about SQL injection .. Advanced, More, and so on, but
> all of them always execute a stored procedure after a semicolon and no
> one says anything about this error.
>
> I thought of putting a delay before my stored procedure, or a command to free
> the database connection handler.
>
> What do you think???
>
> By the way, I am not able to run xp_cmdshell because of the database
> user permissions; maybe I could try to elevate privileges, but the error
> described above always appears.
>
> Thanks in Advance.
>
> H. Daniel Regalado Arias, CISSP
> Chief Information Security Officer
> Macula Security Consulting Group
> www.macula-group.com
>
>
> ----- Original message ----
> From: Dave Aitel <daveimmunityinc.com>
> To: dailydave <dailydavelists.immunitysec.com>
> Sent: Thursday, 18 October 2007 12:40:06
> Subject: [Dailydave] SQL Hooker Release
>
> http://forum.immunityinc.com/index.php?topic=92.0
>
> JMS and I decided to put our code where our mouth was.
>
> It looks a lot like this:
> PyCommands $ python sql_listener.py 80812.4
> Set up XMLRPC Socket on 0.0.0.0 port 8081
> select count(*) from users where userName='cow' and userPass='boy'
> 10.10.10.243 - - [18/Oct/2007 13:03:17] "POST / HTTP/1.0" 200 -
>
> Next up - file operation hooking perhaps? :>
>
> -dave

_______________________________________________
Dailydave mailing list
Dailydavelists.immunitysec.com <mailto:Dailydavelists.immunitysec.com>
http://lists.immunitysec.com/mailman/listinfo/dailydave
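The two requests quoted in Daniel's post share a shape a defender can look for in web server logs: a statement separator inside a query parameter, followed by a T-SQL batch or procedure keyword, sometimes with the string smuggled as a `0x...` hex literal so that no quote is needed. The following is an added example (not code from the thread, and not part of SQL Hooker or any tool discussed above) that scans constructed access-log lines for that pattern and decodes the hex literals so an analyst can see what was sent. The log format, host, paths and IP addresses are constructed for the example.

```python
"""Flag stacked-statement SQL injection attempts in web access-log lines.

Added example, not code from the original thread. The log lines below are
constructed to mirror the requests quoted in the thread; the paths, file
names and addresses are assumptions, not real targets.
"""
import re
from urllib.parse import unquote_plus, urlsplit

# Constructed access-log lines (Apache-style, trimmed to the fields we use).
SAMPLE_LOG = [
    '10.0.0.5 - - [18/Oct/2007:13:03:17 -0500] "GET /mod.php?id=1 HTTP/1.0" 200 512',
    '10.0.0.5 - - [18/Oct/2007:13:04:02 -0500] "GET /mod.php?id=1;begin%20declare%20q'
    '%20varchar(8000)select%20q%20=%200x73656c65637420404076657273696f6e%20exec(q)'
    '%20end;-- HTTP/1.0" 500 0',
    '10.0.0.5 - - [18/Oct/2007:13:05:11 -0500] "GET /mod.php?id=1;exec%20sp_makewebtask'
    '%20%5Bc:%5Cinetpub%5Cwwwroot%5Cx%5Cindex.html%5D,%20%5Bselect%20*%20from%20TABLE%5D'
    ';-- HTTP/1.0" 500 0',
    '10.0.0.9 - - [18/Oct/2007:13:06:00 -0500] "GET /mod.php?id=42 HTTP/1.0" 200 480',
]

# Request line inside the quoted part of a log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')
# 0x-prefixed hex literal of even length: a quote-free way to carry a string.
HEX_LITERAL_RE = re.compile(r'0x((?:[0-9a-fA-F]{2})+)')
# Statement separator followed by a T-SQL batch/procedure keyword.
STACKED_RE = re.compile(
    r';\s*(begin|declare|exec(?:ute)?|sp_\w+|xp_\w+)\b', re.IGNORECASE)


def decode_hex_literals(sql):
    """Return every 0x... literal in `sql`, decoded as ASCII text."""
    return [bytes.fromhex(m.group(1)).decode('ascii', errors='replace')
            for m in HEX_LITERAL_RE.finditer(sql)]


def parse_query(query):
    """Split a raw query string on '&' only and percent-decode each pair.

    Done by hand rather than with urllib.parse.parse_qs, because older
    Python versions also split on ';', which would cut the payload in half.
    """
    pairs = []
    for part in query.split('&'):
        if not part:
            continue
        name, _, value = part.partition('=')
        pairs.append((unquote_plus(name), unquote_plus(value)))
    return pairs


def analyze_request(url):
    """Report stacked-statement indicators found in any query parameter."""
    findings = []
    for name, value in parse_query(urlsplit(url).query):
        m = STACKED_RE.search(value)
        if m:
            findings.append({
                'param': name,
                'keyword': m.group(1).lower(),
                'hex_literals': decode_hex_literals(value),
            })
    return findings


def scan_log(lines):
    """Return (line_number, request_path, findings) for each flagged line."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        findings = analyze_request(m.group(1))
        if findings:
            hits.append((n, m.group(1), findings))
    return hits


if __name__ == '__main__':
    for n, path, findings in scan_log(SAMPLE_LOG):
        for f in findings:
            msg = f"line {n}: parameter {f['param']!r} stacks '{f['keyword']}'"
            if f['hex_literals']:
                msg += f", hex literal decodes to {f['hex_literals']}"
            print(msg)
```

Run over the constructed log, the two injected requests are flagged and the hex literal from the first one decodes to `select @@version`, while the plain `id=1` and `id=42` requests pass. A second, complementary signal in this thread is the application echoing the ODBC error text (`Connection is busy with results for another hstmt`) in its response: an application that returns driver errors to the client leaks which requests reached the database, so error pages of that kind belong in the same alerting rule.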
