I am on a pentest assignment and have encountered an SQL injection
vulnerability with an SQL Server 2005 in the background, complete with
dbo-level access. I have successfully retrieved DB values and have
already presented them as evidence. Now, I am directed to take the attack
to the next level and see the extent of the problem.

I am trying to run the xp_cmdshell stored procedure.
To ensure xp_cmdshell is enabled, I am running the following two queries:

EXEC master..sp_configure 'xp_cmdshell', '1'
RECONFIGURE

in the vulnerable parameter as:

';EXEC master..sp_configure 'xp_cmdshell', '1'' - This query
replies without any error

But when I append RECONFIGURE, the following returns an error:

';EXEC master..sp_configure 'xp_cmdshell', '1';RECONFIGURE' -
Incorrect syntax near "

I looked up the sp_configure functionality and don't see any
syntactical error; maybe the sequence, or an incorrectly formed stacked
query.

Any suggestions?

Thanks.
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
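For the defending side, a log-review sketch (an added example, not part of the original post): it URL-decodes query parameters from web access logs and flags the stacked-query keywords the post uses (sp_configure, xp_cmdshell, RECONFIGURE). The log lines, addresses, paths, status codes and rule names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log lines (not from the original post). The second
# one carries, URL-encoded, the stacked query quoted in the post; the third is
# a benign request that merely contains the word "reconfigure".
SAMPLE_LOG = [
    '192.0.2.5 - - [01/Jan/2009:10:00:00 +0000] "GET /item.asp?id=42 HTTP/1.1" 200 512',
    '192.0.2.9 - - [01/Jan/2009:10:00:07 +0000] "GET /item.asp?id=1%27%3BEXEC%20'
    'master..sp_configure%20%27xp_cmdshell%27%2C%20%271%27%3BRECONFIGURE%27 HTTP/1.1" 500 310',
    '192.0.2.9 - - [01/Jan/2009:10:00:09 +0000] "GET /search.asp?q=how+to+reconfigure+a+router HTTP/1.1" 200 900',
]

# Client address, request target and status from a common-log-format line.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')

# Hypothetical rule names. Each pattern is applied to the *decoded* parameter
# value, so percent-encoding does not hide the keywords.
RULES = {
    "stacked-exec": re.compile(r";\s*exec(ute)?\b", re.I),
    "sp_configure": re.compile(r"\bsp_configure\b", re.I),
    "xp_cmdshell": re.compile(r"\bxp_cmdshell\b", re.I),
    # Require the statement separator so ordinary prose does not match.
    "reconfigure": re.compile(r";\s*reconfigure\b", re.I),
}


def scan(lines):
    """Return one finding per query parameter that matches any rule."""
    findings = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue  # not a request line we understand
        client, target, status = m.groups()
        query = urlsplit(target).query
        for name, value in parse_qsl(query, keep_blank_values=True):
            hits = sorted(r for r, rx in RULES.items() if rx.search(value))
            if hits:
                findings.append({"client": client, "param": name,
                                 "status": int(status), "rules": hits})
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A request that trips several rules at once and also draws a 5xx response, as in the constructed second line, is a strong candidate for review alongside the SQL Server configuration-change entries in the server's error log.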