Home > IT Answers > SQL Server > How can we get shell when dbms is SQL2008 and we found an sql vuln in REFERER field, which revealed version,dbs,tables etc?Sqlmap didn’t work.
Astathaki
5 pts.
 How can we get shell when dbms is SQL2008 and we found an sql vuln in REFERER field, which revealed version,dbs,tables etc?Sqlmap didn’t work.
MSSQL 2008, SQL injection
Hello, During my last pen test I found an sql vulnerability in the REFERER field of the headers. This revealed me, using sqlmap with --referer option, the DBMS which is Microsot SQL 2008,allĀ  db names, tables, db users etc. My problem is that I cannot test if a shell can be spawned, since xp_cmdshell cannot be enabled. Does anyone know if it is possible to have a shell when dbms is MSSQL 2008 and how can this be done, using the referer field (is there a way to do that with sqlmap, sqlninja or other tool)? Thanks a lot,

Software/Hardware used:
Backend DBMS: MS SQL 2008
ASKED: April 26, 2012  9:54 AM
UPDATED: April 26, 2012  7:15 PM
RELATED QUESTIONS
Answer Wiki:
What REFERER field in the headers? That's from a web server not the SQL Server. If the web server if returning something that it shouldn't then the web developer needs to fix that. If you can't enable xp_cmdshell within the SQL Server then you can't get to the shell. That's sort of the point.
Last Wiki Answer Submitted:  April 26, 2012  7:15 pm  by  Denny Cherry   64,520 pts.
All Answer Wiki Contributors:  Denny Cherry   64,520 pts.
To see all answers submitted to the Answer Wiki: View Answer History.


RSS - Discussions Help
Discuss This Question:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _