Select Page

Exploiting SQL injection vulnerabilities with Metasploit

In this post we are going to show how to exploit a SQL injection vulnerability on a web application using Microsoft SQL server backend where xp_cmdshell is available to the attacker. Given a penetration test to a web application it is identified that it is vulnerable...

Exploiting MS09-004 via SQL injection

Recently we were performing an web application penetration test to one of our clients and identified a SQL injection vulnerability. The vulnerability allowed us to conduct a degree of fingerprinting on the remote server; however, the Microsoft SQL Server back-end...

Metasploit and SQL injection

SECFORCE has released a set of scripts for enhancing Metasploit functionality exploiting SQL injection vulnerabilities. This is particularly useful in two scenarios: When an attacker achieves command execution on a database via SQL injection, but he wants all the...