[sqlmap-users] post exploitation
Brought to you by:
inquisb
From: wullie m. <wul...@go...> - 2009-12-21 23:30:13
|
Hi list First off I just want to say thanks such a great tool and really appreciate all the hard work that you put into the project. When ever I use this to exploit a system, I usually get user names and passwords and all kinds of other which can come in handy. What I would really like to know is how to get command execution on a server that does not support batched queries? Please forgive me for being a noob to webapp security but in mysql I know there is the UDF's you have created but what is the present requirements to use these? I have had read and write access but still no shell have even been dba on a mssql system but still no shell are these limitations of the tool or could this be something to do with the paths Im asked for? Also is there any way I can get command execution on a system with only read access? I have heard this is possible via log poisening does anyone have any pointers on this. Thanks in advance -rogue |