Metasploit and SQL injection
Published on Jan. 17, 2011 by SECFORCE
SECFORCE has released a set of scripts for enhancing Metasploit functionality exploiting SQL injection vulnerabilities. This is particularly useful in two scenarios:
- When an attacker achieves command execution on a database via SQL injection, but he wants all the functionality offered by Metasploit.
- The attacker identifies that the back-end SQL server is vulnerable to MS_09004 but has no credentials or direct access to the database.
The scripts can be retrieved from the Metasploit repository.
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/mssql/mssql_payload_sqli.rb
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/mssql/ms09_004_sp_replwritetovarbin_sqli.rb
You may also be interested in...
SPARTA is a python GUI application which simplifies network infrastructure penetration testing by aiding the penetration tester in the scanning and enumeration phase.
See more
CVE-2017-0199 leverages the way an OLE object is embedded into a Word/RTF document making it possible to execute its content without user interaction.
See more
