How can we get shell when dbms is SQL2008 and we found an sql vuln in REFERER field, which revealed version,dbs,tables etc?Sqlmap didn’t work.

5 pts.
Tags:
MSSQL 2008
SQL injection
Hello, During my last pen test I found an sql vulnerability in the REFERER field of the headers. This revealed me, using sqlmap with --referer option, the DBMS which is Microsot SQL 2008,all  db names, tables, db users etc. My problem is that I cannot test if a shell can be spawned, since xp_cmdshell cannot be enabled. Does anyone know if it is possible to have a shell when dbms is MSSQL 2008 and how can this be done, using the referer field (is there a way to do that with sqlmap, sqlninja or other tool)? Thanks a lot,

Software/Hardware used:
Backend DBMS: MS SQL 2008
ASKED: April 26, 2012  9:54 AM
UPDATED: April 26, 2012  7:15 PM

Answer Wiki

Thanks. We'll let you know when a new response is added.

What REFERER field in the headers? That’s from a web server not the SQL Server. If the web server if returning something that it shouldn’t then the web developer needs to fix that.

If you can’t enable xp_cmdshell within the SQL Server then you can’t get to the shell. That’s sort of the point.

Discuss This Question:  

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following