search

sqlmapproject / sqlmap

Automatic SQL injection and database takeover tool
http://sqlmap.org
Other
32.34k stars 5.7k forks source link

Support to identify linked/cluster DBMS servers when possible #21

Open bdamele opened 12 years ago

bdamele commented 12 years ago

Identify linked/cluster DBMS servers when possible (e.g. MSSQL)

stamparm commented 11 years ago

https://github.com/rapid7/metasploit-framework/pull/976

ghost commented 8 years ago

Proposed enhancements to MSSQL enumeration:

1) Add support for linked server enumeration:

2) Add support for schema enumeration on linked servers:

3) Add support for sql shell on linked servers.

More info: https://blog.netspi.com/how-to-hack-database-links-in-sql-server/

Thoughts?

stamparm commented 8 years ago

@lukapusic doable... though, only MsSQL as I can see. So, introducing too many new options for just one DBMS is a coding anti-pattern in sqlmap

leechristensen commented 7 years ago

+1 for this. I've had lots of success pillaging through DB links.

FWIW, database links aren't limited to just MSSQL. Oracle has them as well. https://docs.oracle.com/html/E25494_01/ds_concepts002.htm