Re: PENTEST MySQL on windows

[AdamT <adwulf () gmail com>]

Would you be able to store a binary executable file somewhere in a
MySQL field, and have the server export it to file somewhere in the fs
where you can run it, or where it can be run by an account with higher
privs?  eg - c:\winnt\profiles\administrator\start menu\progams\start
up


On Wed, 23 Feb 2005 15:32:21 -0500, Anthony Ruso <aruso () lgit com> wrote:
> Hi ALL,
>
> Doing a pentest on a site hosting a vulnerable verion of MySQL on a
> Windows box. I was able to get full access to the DB and export ALL the
> data. Anyone have any ideas on jumping to the Windows OS with full
> access to Just the DB.
>
> Thanks


-- 
AdamT
"Justify my text?  I'm sorry, but it has no excuse."