Metasploit mailing list archives

Previous By Date Next
Previous By Thread Next

SQL Injection with msf v3.1

From: ezorrilla at tsf.com.pe (Edouard Zorrilla)
Date: Wed, 20 Feb 2008 15:26:44 -0500
mail me too please,

Regards

----- Original Message ----- 
From: "Fabrice MOURRON" <fab at revhosts.net>
To: <framework at spool.metasploit.com>
Sent: Wednesday, February 20, 2008 12:20 PM
Subject: Re: [framework] SQL Injection with msf v3.1



Yeah ;-)

Additionnaly, I'm working on an Oracle binding.
I've a got a functionnal PoC for injecting a PLSQL function (see attached
file).

Basically, just include the Exploit::Remote::Oracle and you could call
some news methods (like create_function, execute, ...) directly in your
module in PLSQL language.

More stuff before release my code, so any ideas are welcome.

If anyone is interested by the complete code, just mail me.

Fab


Nope. Not really.

A lot of SQL injections are custom built, and there are *currently* no 
SQL
payloads. There are PHP remote file include handlers however...

I'd like to work on some xp_cmdshell payloads if anyone is interested.

Any ideas? I need to read up on the payload code :( but have some ideas.

-Patrick
_______________________________________________
http://spool.metasploit.com/mailman/listinfo/framework






--------------------------------------------------------------------------------



_______________________________________________
http://spool.metasploit.com/mailman/listinfo/framework
Previous By Date Next
Previous By Thread Next

Current thread: