Metasploit mailing list archives
SQL Injection with msf v3.1
From: ezorrilla at tsf.com.pe (Edouard Zorrilla)
Date: Wed, 20 Feb 2008 15:26:44 -0500
mail me too please, Regards ----- Original Message ----- From: "Fabrice MOURRON" <fab at revhosts.net> To: <framework at spool.metasploit.com> Sent: Wednesday, February 20, 2008 12:20 PM Subject: Re: [framework] SQL Injection with msf v3.1
Yeah ;-) Additionnaly, I'm working on an Oracle binding. I've a got a functionnal PoC for injecting a PLSQL function (see attached file). Basically, just include the Exploit::Remote::Oracle and you could call some news methods (like create_function, execute, ...) directly in your module in PLSQL language. More stuff before release my code, so any ideas are welcome. If anyone is interested by the complete code, just mail me. FabNope. Not really. A lot of SQL injections are custom built, and there are *currently* no SQL payloads. There are PHP remote file include handlers however... I'd like to work on some xp_cmdshell payloads if anyone is interested. Any ideas? I need to read up on the payload code :( but have some ideas. -Patrick _______________________________________________ http://spool.metasploit.com/mailman/listinfo/framework
--------------------------------------------------------------------------------
_______________________________________________ http://spool.metasploit.com/mailman/listinfo/framework
Current thread:
- Doing a thesis regarding security, (continued)
- Doing a thesis regarding security Daniel Guido (Feb 18)
- Doing a thesis regarding security H D Moore (Feb 18)
- Doing a thesis regarding security Edouard Zorrilla (Feb 19)
- Doing a thesis regarding security H D Moore (Feb 19)
- Doing a thesis regarding security Tim (Feb 19)
- Doing a thesis regarding security Daniel Guido (Feb 18)
- Doing a thesis regarding security Simen Bjelke (Feb 19)
- Doing a thesis regarding security Edouard Zorrilla (Feb 19)
- SQL Injection with msf v3.1 Edouard Zorrilla (Feb 20)
- SQL Injection with msf v3.1 Patrick Webster (Feb 20)
- SQL Injection with msf v3.1 Fabrice MOURRON (Feb 20)
- SQL Injection with msf v3.1 Edouard Zorrilla (Feb 20)
- SQL Injection with msf v3.1 diaul (Feb 21)