Update: MSSQL Injection Cheat Sheet

I just made some minor additions to the MSSQL Injection Cheat Sheet: creating users, deleting users, and assigning users the DBA privilege.

Posted in: Blog

MSSQL Injection Cheat Sheet

Some useful syntax reminders for SQL Injection into MSSQL databases…

Posted in: SQL Injection

Enabling xp_cmdshell for SQL Server 2005

It’s disappointing to exploit a SQL injection, find you’re “sa”, then realise they’ve disabled xp_cmdshell (the default for MSSQL 2005). Fortunately, it’s possible to re-enable it quite easily…

Posted in: Blog

Exfiltrating Data From MS SQL Server Via DNS

Exfiltrating data via Blind SQL Injection vulnerabilities can be slow, or at the very least undesirably noisy. DNS may provide a faster alternative if the target system is connected to the Internet.

Posted in: Blog