SECFORCE has released a set of scripts for enhancing Metasploit functionality exploiting SQL injection vulnerabilities. This is particularly useful in two scenarios:
- When an attacker achieves command execution on a database via SQL injection, but he wants all the functionality offered by Metasploit.
- The attacker identifies that the back-end SQL server is vulnerable to MS_09004 but has no credentials or direct access to the database.
The scripts can be retrieved from the Metasploit repository.