Recently we were performing a web application penetration test for one of our clients and identified a SQL injection vulnerability. The vulnerability allowed us to conduct a degree of fingerprinting on the remote server; however, the Microsoft SQL Server back-end database did not allow commands to be executed via the well-known xp_cmdshell stored procedure.
Based on the fingerprinting information we identified that the database server was running an old and vulnerable version of MS SQL Server: Microsoft SQL Server 2000 SP3, to be precise.
Everything indicated that the server was vulnerable to the MS09-004 vulnerability. However, it was not possible to get direct access to the database, and no authentication credentials were discovered during the course of the assessment.
This is how our newly released Metasploit module was born. We coded an extension which can be added to Metasploit to exploit this vulnerability through a SQL injection vulnerability, with no need for credentials, as the web application authenticates on our behalf.
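The fingerprinting step above comes down to reading the SQL Server version banner and deciding whether the build predates the fix. The following is an added example (not code from the original post or from the Metasploit module it describes) that parses a Microsoft SQL Server `@@version` banner and flags builds below a minimum patched build, which is how a defender would triage an inventory of database servers against a bulletin such as MS09-004. The banner strings are constructed samples, and `MIN_PATCHED_BUILD` is an assumed placeholder that must be set from the vendor bulletin for the relevant major version.

```python
"""Parse Microsoft SQL Server @@version banners and flag builds below a
minimum patched build.

Added example for version triage; not part of the original post or the
Metasploit module it describes.

Assumptions (not from the post):
  * the banner follows the classic form "Microsoft SQL Server  2000 - 8.00.760 (...)"
  * MIN_PATCHED_BUILD is a placeholder to be filled from the vendor bulletin
"""
import re
from typing import Optional, Tuple

Build = Tuple[int, int, int]

# Service-pack builds for SQL Server 2000 (major version 8): SP3 = 8.00.760, SP4 = 8.00.2039.
SP_BUILDS = {
    (8, 0, 760): "SQL Server 2000 SP3",
    (8, 0, 2039): "SQL Server 2000 SP4",
}

# PLACEHOLDER: assumed minimum build carrying the fix for the bulletin being checked.
# Set this from the Microsoft bulletin for the major version you are assessing.
MIN_PATCHED_BUILD: Build = (8, 0, 2055)

# Matches "Microsoft SQL Server  2000 - 8.00.760" and "Microsoft SQL Server 2005 - 9.00.3042.00".
_VERSION_RE = re.compile(r"Microsoft SQL Server\s+(\d{4})\s*-\s*(\d+)\.(\d+)\.(\d+)")

# Constructed sample banners in the @@version layout (not captured from any real host).
SAMPLE_BANNERS = [
    "Microsoft SQL Server  2000 - 8.00.760 (Intel X86) \n\tDec 17 2002 14:22:05 \n"
    "\tCopyright (c) 1988-2003 Microsoft Corporation\n"
    "\tStandard Edition on Windows NT 5.0 (Build 2195: Service Pack 4)",
    "Microsoft SQL Server 2005 - 9.00.3042.00 (Intel X86) \n\tFeb  9 2007 22:47:07 \n"
    "\tCopyright (c) 1988-2005 Microsoft Corporation\n"
    "\tStandard Edition on Windows NT 5.2 (Build 3790: Service Pack 2)",
]


def parse_build(banner: str) -> Optional[Build]:
    """Extract (major, minor, build) from an @@version banner, or None if unrecognised."""
    m = _VERSION_RE.search(banner)
    if not m:
        return None
    return (int(m.group(2)), int(m.group(3)), int(m.group(4)))


def assess(banner: str, min_patched: Build = MIN_PATCHED_BUILD) -> dict:
    """Classify a banner against a minimum patched build.

    below_minimum is True/False when the banner's major version matches the
    threshold's major version, and None when it does not (a threshold for
    SQL Server 2000 says nothing about a 2005 build) or the banner is unreadable.
    """
    build = parse_build(banner)
    if build is None:
        return {"build": None, "label": "unrecognised banner", "below_minimum": None}
    label = SP_BUILDS.get(build, "build not in known service-pack table")
    if build[0] != min_patched[0]:
        return {"build": build, "label": label + " (different major version than threshold)",
                "below_minimum": None}
    # Tuple comparison orders (major, minor, build) numerically, so 8.00.760 < 8.00.2055.
    return {"build": build, "label": label, "below_minimum": build < min_patched}


if __name__ == "__main__":
    for banner in SAMPLE_BANNERS:
        print(assess(banner))
```

The major-version guard matters in practice: the same bulletin typically lists a separate fixed build per product line, so run the check once per major version with the matching threshold rather than comparing every banner against one number.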
[Screenshot: Penetration testing - SQL injection exploitation]
The screenshot above shows how to get a Meterpreter session (or any other payload of your choice) by exploiting the vulnerability from Metasploit.
If interested, get the scripts from our security tools area.