From: Stefano Zanero (s.zanero@securenetwork.it)
Date: Fri Sep 15 2006 - 05:35:32 EDT
Andy Lester wrote:
> Hello list,
>
> I am pen-testing a web app that is vulnerable to SQL Injection. The
> queries to the backend DB are done with a non-privileged user, but using
> OPENROWSET and inference-based injection I have been able to find the sa
> password and escalate privileges.
Did you have a look at SQL Ninja?
http://sqlninja.sourceforge.net/
It's a handy tool when you deal with SQL Server.
Stefano