Metasploit and SQL injection
Published on Jan. 17, 2011 by SECFORCE
SECFORCE has released a set of scripts for enhancing Metasploit functionality exploiting SQL injection vulnerabilities. This is particularly useful in two scenarios:
- When an attacker achieves command execution on a database via SQL injection, but he wants all the functionality offered by Metasploit.
- The attacker identifies that the back-end SQL server is vulnerable to MS_09004 but has no credentials or direct access to the database.
The scripts can be retrieved from the Metasploit repository.
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/mssql/mssql_payload_sqli.rb
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/mssql/ms09_004_sp_replwritetovarbin_sqli.rb
You may also be interested in...
This part of the tutorial will focus on how to inspect all the different executables that you may find within the firmware using emulation software QEMU and then how to modify the firmware to get a root shell on the router.
See more
This article will present a new tool called NimWhispers based on the work of SysWhispers2 for using syscalls in the Nim programming language.
See more
