Blind SQL Injection Brute Forcer Ver 2.3
Description:
There is a SQL injection vulnerability in a web app. The connection to the database is made as the unprivileged user "scott". First we run bsqlbf with default parameters and find that the username is "scott". When we then try to read the password hashes, the attack fails because the user scott does not have the privileges to query the sys.user$ table. So we perform privilege escalation with bsqlbf, and it returns the password hash of the sys user. Then we execute an OS command. In this case, the database server already had nc.exe on the C:\ drive, which we used to throw us a reverse shell.
This video has been referred to us by Sid ( sid [] notsosecure.com ).







