guys,
So I set up IIS and ASP support on my laptop, then set up a simple SQL on ASP with an MDB as the database, then tested the vulnerability on Access based on a cheat sheet online.
MS Access does not provide info regarding tables and columns, no schema etc… I set the program to bruteforce tables when it detects an MS Access host; once it finds a table it will then get the column count, then will use UNION to extract data.
-bruteforce tables
-bruteforce columns
-dump data / save and load
Because MS Access does not support the "limit" function and does not allow a subquery with multiple returns, the program uses field<>'data1' and field2<>'data2'; not very stable, but it works.
Try it out:
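For anyone watching the server side, the behaviour described above leaves a recognisable trail in IIS logs: UNION SELECT requests cycling through table names, then requests whose `<>` exclusion list grows by one row each time. The detector below is an added example, not part of the original post or the tool; the log lines are constructed, and the field order, thresholds and finding labels are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed IIS W3C-style sample; real logs must use this field order for the parser below.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2024-01-01 10:00:01 203.0.113.7 GET /item.asp id=1+union+select+1+from+users 500
2024-01-01 10:00:02 203.0.113.7 GET /item.asp id=1+union+select+1+from+admin 500
2024-01-01 10:00:03 203.0.113.7 GET /item.asp id=1+union+select+1+from+members 200
2024-01-01 10:00:04 203.0.113.7 GET /item.asp id=1+union+select+field,field2+from+members 200
2024-01-01 10:00:05 203.0.113.7 GET /item.asp id=1+union+select+field,field2+from+members+where+field%3C%3E%27data1%27+and+field2%3C%3E%27data2%27 200
2024-01-01 10:00:06 203.0.113.7 GET /item.asp id=1+union+select+field,field2+from+members+where+field%3C%3E%27data1%27+and+field2%3C%3E%27data2%27+and+field%3C%3E%27data3%27+and+field2%3C%3E%27data4%27 200
2024-01-01 10:00:07 198.51.100.9 GET /item.asp id=42 200
2024-01-01 10:00:08 198.51.100.9 GET /search.asp q=student+union+select+committee 200
"""

# UNION SELECT ... FROM <table>; requiring FROM keeps ordinary search text from matching.
UNION_RE = re.compile(r"\bunion\s+(?:all\s+)?select\b.*?\bfrom\s+\[?(\w+)", re.I | re.S)
# One exclusion term of the form column<>'value'.
EXCLUDE_RE = re.compile(r"\w+\s*<>\s*'[^']*'")

def analyse(log_text, min_tables=3, min_growth=2):
    """Return {client_ip: [findings]} for the two request patterns in the post."""
    tables = defaultdict(set)   # ip -> distinct FROM targets seen after UNION SELECT
    chain = defaultdict(list)   # ip -> exclusion-term count per request, in order
    for line in log_text.splitlines():
        parts = line.split()
        if line.startswith("#") or len(parts) < 7:
            continue
        ip, query = parts[2], unquote_plus(parts[5])
        m = UNION_RE.search(query)
        if not m:
            continue
        tables[ip].add(m.group(1).lower())
        chain[ip].append(len(EXCLUDE_RE.findall(query)))
    findings = defaultdict(list)
    for ip in tables:
        if len(tables[ip]) >= min_tables:
            findings[ip].append("table-name guessing")
        counts = chain[ip]
        if sum(1 for a, b in zip(counts, counts[1:]) if b > a) >= min_growth:
            findings[ip].append("row walking via growing <> chain")
    return dict(findings)

if __name__ == "__main__":
    for ip, hits in analyse(SAMPLE_LOG).items():
        print(ip, hits)
```

The thresholds are set low to fit the short sample; on real traffic they would need tuning, and POST bodies are not visible in standard IIS logs.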