Re: [sqlmap-users] hmm
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] hmm
|
From: Bernardo D. A. G. <ber...@gm...> - 2010-05-20 11:19:52
|
James, On Thu, May 20, 2010 at 06:14, <ja...@ev...> wrote: > ... > Im currently attempting to attack an interesting setup.. A RedHat(Apache) > > box with a PHP front end linked to a MS SQL db. It's a quite common setup. I've seen also Windows/Apache/PHP(or Perl) with back-end MSSQL or MySQL recently. > Since its Apache+Linux it > > doesnt support stacked queries.. Mmmh, PHP does support stacked queries when the back-end is MSSQL. Try yourself with a SQL payload like ; WAITFOR DELAY '0:2:00';-- > Its also slow as dog crap going up a hill > > with the blind injection. Does anyone know of a way to use the OPENROWSET > > type attack without stacked queries? You can try with UNION ALL SELECT 'foobar' FROM OPENROWSET... > Or basically have any ideas how I can > > get enough proof of data from this box relatively quick? If it is affected by an error-based SQL injection also, something like AND 1=(SELECT ...) might do the trick otherwise a UNION query SQL injection can help, if vulnerable. Cheers, -- Bernardo Damele A. G. E-mail / Jabber: bernardo.damele (at) gmail.com Mobile: +447788962949 (UK 07788962949) PGP Key ID: 0x05F5A30F |
