Metasploit and SQL injection
SECFORCE has released a set of scripts for enhancing Metasploit functionality exploiting SQL injection vulnerabilities. This is particularly useful in two scenarios:
- When an attacker achieves command execution on a database via SQL injection, but he wants all the functionality offered by Metasploit.
- The attacker identifies that the backend SQL server is vulnerable to MS_09004 but has no credentials or direct access to the database.
Tags: metasploit, MS09004, Penetration Testing, sql injection, Tools Posted in Penetration Testing, SECFORCE, Tools