During my last pen test I found an sql vulnerability in the REFERER field of the headers. This revealed me, using sqlmap with --referer option, the DBMS which is Microsot SQL 2008,all db names, tables, db users etc. My problem is that I cannot test if a shell can be spawned, since xp_cmdshell cannot be enabled.
Does anyone know if it is possible to have a shell when dbms is MSSQL 2008 and how can this be done, using the referer field (is there a way to do that with sqlmap, sqlninja or other tool)?
Thanks a lot,
Backend DBMS: MS SQL 2008
April 26, 2012 9:54 AM
April 26, 2012 7:15 PM