DBA password brute-force support on PgSQL/MSSQL - Githubissues

sqlmapproject / sqlmap

Automatic SQL injection and database takeover tool

http://sqlmap.org

Other

32.72k stars 5.74k forks source link

DBA password brute-force support on PgSQL/MSSQL #31

Open bdamele opened 12 years ago

bdamele commented 12 years ago

MSSQL: OPENROWSET
PgSQL: dblink()

stamparm commented 12 years ago

Combine with CVE-2012-2122 (http://seclists.org/oss-sec/2012/q2/493) for MySQL

stamparm commented 11 years ago

Example for MsSQL: http://labs.portcullis.co.uk/download/Revelli-OwaspDay2-Rome.pdf (slides 21 & 22)

stamparm commented 11 years ago

http://www.secforce.com/blog/2013/01/stacked-based-mssql-blind-injection-bypass-methodology/