Closed JClapp2017 closed 6 years ago
In MsAccess there are no system tables (at least not readable) from where you can retrieve stored table names and column names. Hence, common tables and common column brute force search is being used. Though, in some cases, when non-standard table and column names are used it is up to you to find/search for those identifier names (and provide via -T
and -C
). C'est la vie
Hello ,
I have found injection points in in an ACCESS DBMS...
Unfortunately I can only fingerprint the back-end dbms , and cannot enumerate dbs or tables . Any tips?
SQLmap is telling me it is not possible to enumerate these things in ACCESS.. thanks