Use the following script to get the structure description of a specific table:


SELECT
clmns.name AS [Name],
usrt.name AS [DataType],
ISNULL(baset.name, N'') AS [SystemType],
CAST(CASE WHEN baset.name IN (N'nchar', N'nvarchar') AND clmns.max_length <> -1 THEN clmns.max_length/2 ELSE clmns.max_length END AS int) AS [Length],
CAST(clmns.precision AS int) AS [NumericPrecision]
FROM sys.tables AS tbl
INNER JOIN sys.all_columns AS clmns ON clmns.object_id = tbl.object_id
LEFT OUTER JOIN sys.types AS usrt ON usrt.user_type_id = clmns.user_type_id
LEFT OUTER JOIN sys.types AS baset ON baset.user_type_id = clmns.system_type_id and
baset.user_type_id = baset.system_type_id
WHERE tbl.name='YOURTABLENAME' and SCHEMA_NAME(tbl.schema_id)=N'dbo'
ORDER BY clmns.column_id ASC


The source of the script is: www.geekzilla.co.uk

Note:All websites owners where informed more than a week ago about the vulnerabilities I have "accidentally" found.
The purpose of this information is educational only!



In the last week I was playing with some websites trying to find out if they are exposed to any XSS attacks.
Among those websites was also www.monster.com. I know that in the past years Monster had big issues regarding security. They were hacked three times and a huge amount of data was stolen back then. Well...what I have discovered is that they still have vulnerabilities, specially XSS ones. Their filtering system has flaws, considering that it will remove with success <script>, <object>, <iframe> tags but it fails on removing <img>, <html>, <body> and <?import>.
Based on the above mentioned things I created a "Job Seeker" account with a fake CV and in the content of that CV I have inserted the following script:

<HTML><BODY><?xml:namespace prefix='t' ns='urn:schemas-microsoft-com:time'><?import namespace='t' implementation='#default#time2'><t:set attributeName='innerHTML' to='XSS&lt;script DEFER&gt;(function(){alert("Here you can do very nasty things!")})()&lt;/script&gt;'></BODY></HTML> 

When I previewed the CV...voila, the alert dialog appeared. In this way I was able to hijack the user session by making use of cookies and extract any information I wanted. The most interesting thing is that in this way some one can hijack the session of any "Employer" which is going to take a look at the CV and with custom "POST" and "GET" commands, infest the job posts of the "Employer" with similar malicious code. In this way a real web could be created starting just from one malicious CV.

There are also issues on Monster website in the section which allows you to upload your CV. You have the option to upload text files and Microsoft Word documents. In a text file I have inserted and <img> tag with an 'onload' event. When the content was rendered on the page and the invisible image was loaded and the 'onload' event was triggered I was able to execute any JavaScript code.