Metasploit and SQL injection

imagensecforcepost.png

SECFORCE has released a set of scripts for enhancing Metasploit functionality exploiting SQL injection vulnerabilities. This is particularly useful in two scenarios:

The scripts can be retrieved from the Metasploit repository.

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/mssql/mssql_payload_sqli.rb

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/mssql/ms09_004_sp_replwritetovarbin_sqli.rb

You may also be interested in...

CVE-2022-20942
Dec. 13, 2022

CVE-2022-20942: It's not old functionality, it's vintage

Cisco information disclosure vulnerability leveraging supposedly removed legacy functionality

See more
imagensecforcepost.png
Nov. 16, 2012

Shortcomings of following IIS security best practices

Benefits of a layered security approach

See more