mssql
Update: MSSQL Injection Cheat Sheet
I just made some minor additions to the MSSQL Injection Cheat Sheet : Creating Users Deleting Users Assigning Users the DBA privilege
Enabling xp_cmdshell for SQL Server 2005
It’s disappointing to exploit a SQL injection, find you’re “sa”, then realise they’ve disabled xp_cmdshell (the default for MSSQL 2005). Fortunately, it’s possible to re-enable it quite easily…
Exfiltrating Data From MS SQL Server Via DNS
Exfiltrating data via Blind SQL Injection vulnerabilities can be slow, or the very least undesirably noisy. DNS may provide a faster alternative if the target system is connected to the Internet.