Re: [sqlmap-users] re-create xp_cmdshell
From: Miroslav S. <mir...@gm...> - 2012-06-18 09:24:37
Hi Adi.

This means that CREATE PROCEDURE has to be used right after the semi-colon (;) sign. So, if you have a SELECT SQLi case like:

SELECT * FROM users WHERE id=$_GET['id']

you would need to inject into it something like:

http://www.target.com/vuln.asp?id=1;CREATE PROCEDURE..

As you are probably using "recreate steps" from https://www.owasp.org/index.php/Testing_for_SQL_Server, this would mean that you would need to inject:

http://www.target.com/vuln.asp?id=1;CREATE PROCEDURE xp_cmdshell(@cmd varchar(255), @Wait int = 0) AS%0aDECLARE @result int, @OLEResult int, @RunResult int%0a....

Kind regards,
Miroslav Stampar

On Mon, Jun 18, 2012 at 10:59 AM, Adi Mutu <adi...@ya...> wrote:
> Hello,
>
> I have a mssql 2000 sql injection in a pentest, I try to recreate
> xp_cmdshell and I get this:
>
> 'CREATE PROCEDURE' must be the first statement in a query batch.
>
> Does anybody have any idea about this behaviour and whether something
> can be done about it?
>
> Thanks

--
Miroslav Stampar
http://about.me/stamparm
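A defender-side view of the request shape discussed in this thread, as an added example that is not part of the original messages: a Python check that flags access-log query strings in which a statement terminator is followed by CREATE PROCEDURE, or that mention xp_cmdshell, including percent-encoded and double-encoded forms. The log lines, function names and patterns are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Constructed access-log lines (not taken from the thread or any real system).
SAMPLE_LOG = [
    '192.0.2.10 - - [18/Jun/2012:09:20:01 +0000] "GET /vuln.asp?id=1 HTTP/1.1" 200 512',
    '192.0.2.44 - - [18/Jun/2012:09:21:13 +0000] "GET /vuln.asp?id=1;CREATE%20PROCEDURE%20'
    'xp_cmdshell(@cmd%20varchar(255))%20AS%0aDECLARE%20@result%20int HTTP/1.1" 500 310',
    '192.0.2.44 - - [18/Jun/2012:09:22:40 +0000] "GET /vuln.asp?id=1%253BCREATE%2520'
    'PROCEDURE%2520xp_cmdshell HTTP/1.1" 500 310',
    '192.0.2.77 - - [18/Jun/2012:09:25:02 +0000] "GET /search.asp?q=create+procedure+tutorial'
    ' HTTP/1.1" 200 901',
]

REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A ';' that ends one statement, directly followed by CREATE PROC[EDURE].
STACKED_CREATE = re.compile(r";\s*create\s+proc(edure)?\b", re.IGNORECASE)
XP_CMDSHELL = re.compile(r"\bxp_cmdshell\b", re.IGNORECASE)

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so a double-encoded ';' (%253B) is still seen."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan_line(line):
    """Return (parameter, reason) findings for one access-log line."""
    match = REQUEST.search(line)
    if not match:
        return []
    findings = []
    # Split on '&' only: ';' must stay inside the value, it is what we look for.
    for pair in urlsplit(match.group(1)).query.split("&"):
        name, _, raw = pair.partition("=")
        value = decode_fully(raw)
        if STACKED_CREATE.search(value):
            findings.append((name, "stacked CREATE PROCEDURE"))
        if XP_CMDSHELL.search(value):
            findings.append((name, "xp_cmdshell reference"))
    return findings

def scan_log(lines):
    """Return [(line_number, findings)] for every line with at least one finding."""
    return [(n, f) for n, f in ((i, scan_line(l)) for i, l in enumerate(lines, 1)) if f]

if __name__ == "__main__":
    for number, found in scan_log(SAMPLE_LOG):
        print(number, found)
```

The plain search for "create procedure tutorial" is not flagged because the pattern requires the preceding semicolon; a numeric `id` parameter carrying either pattern is the signal worth alerting on.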