SECFORCE has released a set of scripts for enhancing Metasploit functionality exploiting SQL injection vulnerabilities. This is particularly useful in two scenarios:
- When an attacker achieves command execution on a database via SQL injection, but he wants all the functionality offered by Metasploit.
- The attacker identifies that the backend SQL server is vulnerable to MS_09004 but has no credentials or direct access to the database.
The scripts can be retrieved from our security research page.