gabber_20

Mssql Injection ?

gabber_20

I have found some sites that are vuln to SQL Injection and the database is Microsoft SQL Server 2005 - 9.00.5000.00 (Intel X86).

Please can someone tell me how I can control the CMD shell .. or how to crack the sa account password ..

Thanks.

gabber_20

Resolved the problem .. with Havij the cmd shell is working ..

gabber_20

Please can someone tell me what command to use to upload an exe file with the Windows XP command prompt?

Thanks

robertray

I'm curious about the sites you say you are testing?

Armando

Ye exactly. I'm not your mother, but hope you have some kind of authorization to do those tests.

gabber_20

It is my friend's site .. just wanted to show my friend how easy it is to compromise the whole site with SQL Injection ..

ficti0n

Ye exactly. I'm not your mother, but hope you have some kind of authorization to do those tests.

LOL well played.... haha gabber your original comments on this post left it open to interpretation as to your intent LOL Perhaps in the future you should provide more info so we know you are not robbing banks...

illumina

Gabber, I'm still not sure about your motives and definitely not convinced you're just testing a friend's site (else I reckon you would've specified this initially), but I reckon the following post does give you enough information to convince a friend, but enough to keep you out of jail for hacking company webpages and transaction servers:

I think that a POC of the injection and a printed copy of http://www.owasp.org/index.php/SQL_Injection would be enough to convince your friend there is an issue that needs addressed. I think.

Armando

In the end the guy had used a stolen credit card to enroll in our course and we ended up with $50 in chargeback fees.

robertray

Something was always off. Bad news about the chargeback fees though.

Bluntlee

Wow fail

ficti0n

Man, here is the thing about that: if you go and do stupid things such as use stolen credit cards to learn a skill where people put trust in your findings and the confidentiality of your results, you're just looking to FAIL..

Figures, that guy sounded like he was up to no good...
