During my last pen test I found an SQL vulnerability in the REFERER field of the headers. Using sqlmap with the --referer option, this revealed to me the DBMS, which is Microsoft SQL 2008, all DB names, tables, DB users, etc. My problem is that I cannot test if a shell can be spawned, since xp_cmdshell cannot be enabled.
Does anyone know if it is possible to have a shell when the DBMS is MSSQL 2008, and how this can be done using the referer field (is there a way to do that with sqlmap, sqlninja or another tool)?
Thanks a lot,