Re: [sqlmap-users] re-create xp_cmdshell

Mon, 18 Jun 2012 02:24:55 -0700 

Hi Adi.

This means that CREATE PROCEDURE has to be used right after the semi-colon
(;) sign.

So, if you have a SELECT SQLi case like:
SELECT * FROM users WHERE id=$_GET['id']

you would need to inject into it something like:
http://www.target.com/vuln.asp?id=1;CREATE PROCEDURE..

As you are probably using "recreate steps" from
https://www.owasp.org/index.php/Testing_for_SQL_Server, this would mean
that you would need to inject:
http://www.target.com/vuln.asp?id=1;CREATE PROCEDURE xp_cmdshell(@cmd
varchar(255), @Wait int = 0) AS%0aDECLARE @result int, @OLEResult int,
@RunResult int%0a....

Kind regards,
Miroslav Stampar

On Mon, Jun 18, 2012 at 10:59 AM, Adi Mutu <adi_mut...@yahoo.com> wrote:

>
> Hello,
>
> I have a mssql 2000 sql injection in a pentest, i try to recreate
> xp_cmdshell and i get this:
>
> 'CREATE PROCEDURE' must be the first statement in a query batch.
>
> Anybody has any idea about this behavious and if it can be done something
> about this?
>
> Thanks
>
>
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>


-- 
Miroslav Stampar
http://about.me/stamparm

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

Reply via email to