Hi All,
While trying out the sql shell option, I saw that sql-map spawns a sql-shell
for me, great!
The vulnerable application was running on a low privileged account, not
root@localhost. But when I did
sql-shell>select user()
It tells me the user is root@localhost.
Is it that sql-map opens up a shell with a root account, irrespective of the
account application is running on. Seems unrealistic though.
If not what could be the possible reason?
Regards
Vivek Sharma
THIS MESSAGE AND ANY ATTACHMENTS ARE CONFIDENTIAL, PROPRIETARY, AND MAY BE
PRIVILEGED. If this message was misdirected, BlackRock, Inc. and its
subsidiaries, ("BlackRock") does not waive any confidentiality or privilege. If
you are not the intended recipient, please notify us immediately and destroy
the message without disclosing its contents to anyone. Any distribution, use or
copying of this e-mail or the information it contains by other than an intended
recipient is unauthorized. The views and opinions expressed in this e-mail
message are the author's own and may not reflect the views and opinions of
BlackRock, unless the author is authorized by BlackRock to express such views
or opinions on its behalf. All email sent to or from this address is subject to
electronic storage and review by BlackRock. Although BlackRock operates
anti-virus programs, it does not accept responsibility for any damage
whatsoever caused by viruses being passed.
------------------------------------------------------------------------------
Want fast and easy access to all the code in your enterprise? Index and
search up to 200,000 lines of code with a free copy of Black Duck
Code Sight - the same software that powers the world's largest code
search on Ohloh, the Black Duck Open Hub! Try it now.
http://p.sf.net/sfu/bds
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
