search

pwnwiki / pwnwiki.github.io

PwnWiki - The notes section of the pentesters mind.
http://pwnwiki.io
MIT License
552 stars 270 forks source link

Database backdoors #77

Open WebBreacher opened 10 years ago

WebBreacher commented 10 years ago

Content is here: http://resources.infosecinstitute.com/backdoor-sql-injection/

mubix commented 10 years ago

Just read through, what do you want to extract from that post?

jakxx commented 10 years ago

Hmm. The database backdoor concept via triggers is definitely sweet, however seems somewhat redundant if you already have database access (via SQLi or direct access) and command execution IMO

WebBreacher commented 10 years ago

I thought we could use some of these techniques and break them out into specifics. Instead of saying, "you could use SQLi to write out a script on the file system and then have the scheduler execute it" we could have a step by step method. That kind stuff. no?

mubix commented 10 years ago

ya, would be great, just didn't jump out at me, sounds good.