April 2011
Intermediate to advanced
500 pages
16h 12m
English
Content preview from Developer's Guide to Web Application Security
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Access Pipe Problem
Older versions of Access and MDAC allowed the passing of Visual Basic for
Applications (VBA) commands to the access executable, which would then be run
directly. Anything surrounded with the pipe (|) character was considered a VBA
command and would be executed.This had the related effect of causing any text
passed to a query with a pipe to fail unless they were escaped (using ||). Let’s say, for
example, that an attacker had sent an URL that looked like Figure 10.19.
Figure 10.19 URL with Code to Cause Access to Create a File
http://server/index.cfm?id='|shell("cmd /c 1 > c:\temp\file.txt")|'
On the page index.cfm that is being called, ...