Metasploit mailing list archives
SQL Injection with msf v3.1
From: fab at revhosts.net (Fabrice MOURRON)
Date: Wed, 20 Feb 2008 18:20:24 +0100 (CET)
Yeah ;-) Additionnaly, I'm working on an Oracle binding. I've a got a functionnal PoC for injecting a PLSQL function (see attached file). Basically, just include the Exploit::Remote::Oracle and you could call some news methods (like create_function, execute, ...) directly in your module in PLSQL language. More stuff before release my code, so any ideas are welcome. If anyone is interested by the complete code, just mail me. Fab
Nope. Not really. A lot of SQL injections are custom built, and there are *currently* no SQL payloads. There are PHP remote file include handlers however... I'd like to work on some xp_cmdshell payloads if anyone is interested. Any ideas? I need to read up on the payload code :( but have some ideas. -Patrick _______________________________________________ http://spool.metasploit.com/mailman/listinfo/framework
-------------- next part -------------- A non-text attachment was scrubbed... Name: dbms_export_extension.rb Type: application/octet-stream Size: 2550 bytes Desc: not available URL: <http://mail.metasploit.com/pipermail/framework/attachments/20080220/c2123906/attachment.obj>
Current thread:
- Doing a thesis regarding security, (continued)
- Doing a thesis regarding security Douglas F. Calvert (Feb 18)
- Doing a thesis regarding security Daniel Guido (Feb 18)
- Doing a thesis regarding security H D Moore (Feb 18)
- Doing a thesis regarding security Edouard Zorrilla (Feb 19)
- Doing a thesis regarding security H D Moore (Feb 19)
- Doing a thesis regarding security Tim (Feb 19)
- Doing a thesis regarding security Daniel Guido (Feb 18)
- Doing a thesis regarding security Simen Bjelke (Feb 19)
- Doing a thesis regarding security Edouard Zorrilla (Feb 19)
- SQL Injection with msf v3.1 Edouard Zorrilla (Feb 20)
- SQL Injection with msf v3.1 Patrick Webster (Feb 20)
- SQL Injection with msf v3.1 Fabrice MOURRON (Feb 20)
- SQL Injection with msf v3.1 Edouard Zorrilla (Feb 20)
- SQL Injection with msf v3.1 diaul (Feb 21)
- Doing a thesis regarding security Douglas F. Calvert (Feb 18)