Penetration Testing mailing list archives
Re: xp_cmdshell with low permission
From: "Hanserl" <tomiknocker () hotmail com>
Date: Sun, 16 Oct 2005 13:00:43 -0700
you could try if you can instantiate COM objects and go from there. there are a couple of SPs that support this (they are starting with oa) eg. oaCreate.----- Original Message ----- From: "Frederic Charpentier" <fcharpen () xmcopartners com>
To: <pen-test () securityfocus com> Sent: Saturday, October 15, 2005 7:40 AM Subject: xp_cmdshell with low permission
Hello all, I'm conducting a pentest on a IIS/Coldfusion/MSSQL server.I've found a sql injection flaw, but the server does not allow me to run "xp_cmdshell" commands.I use the following trick : exec master.dbo.xp_cmdshell "dir"; -- The server response :EXECUTE permission denied on object 'xp_cmdshell', database 'master', owner 'dbo'.I understand the coldfusion script use a low privileged user. So, two questions :- Is there another way to use xp_cmdshell ?- Is it possible to change the current user ? (like http://../script?param=1';user(sa,"sa");exec master.dbo.xp_cmdshell "dir"; --Thanks in advance for ideas. FRED ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner:Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at:http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
------------------------------------------------------------------------------Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- Port Scanner Reports Jeff Brossette (Oct 07)
- RE: Port Scanner Reports Brian Loe (Oct 08)
- Re: Port Scanner Reports Joachim Schipper (Oct 08)
- Re: Port Scanner Reports Syv Ritch (Oct 12)
- Re: Port Scanner Reports Serg Belokamen (Oct 13)
- xp_cmdshell with low permission Frederic Charpentier (Oct 15)
- Re: xp_cmdshell with low permission Hanserl (Oct 16)
- Re: Port Scanner Reports Serg Belokamen (Oct 13)
- <Possible follow-ups>
- Port Scanner Reports jeff . brossette (Oct 07)
- Re: Port Scanner Reports Gary E. Miller (Oct 08)
- Re: Port Scanner Reports Fco. Jose Garrido Matamoros (Oct 08)
- Re: Port Scanner Reports Satanic.Brain (Oct 08)
- RE: Port Scanner Reports Cory Michal (Oct 08)
- Re: Port Scanner Reports Richard Farina (Oct 11)
- Re: Port Scanner Reports Packet Man (Oct 13)
- Re: Port Scanner Reports Daniel Miessler (Oct 31)
- RE: Port Scanner Reports Hayes, Ian (Oct 08)
- RE: Port Scanner Reports Michael Gargiullo (Oct 10)