Penetration Testing mailing list archives
Re: PENTEST MySQL on windows
From: AdamT <adwulf () gmail com>
Date: Thu, 24 Feb 2005 23:01:36 +0000
Would you be able to store a binary executable file somewhere in a MySQL field, and have the server export it to file somewhere in the fs where you can run it, or where it can be run by an account with higher privs? eg - c:\winnt\profiles\administrator\start menu\progams\start up On Wed, 23 Feb 2005 15:32:21 -0500, Anthony Ruso <aruso () lgit com> wrote:
Hi ALL, Doing a pentest on a site hosting a vulnerable verion of MySQL on a Windows box. I was able to get full access to the DB and export ALL the data. Anyone have any ideas on jumping to the Windows OS with full access to Just the DB. Thanks
-- AdamT "Justify my text? I'm sorry, but it has no excuse."
Current thread:
- PENTEST MySQL on windows Anthony Ruso (Feb 24)
- Re: PENTEST MySQL on windows AdamT (Feb 25)
- Re: PENTEST MySQL on windows Tim (Feb 25)
- Re: PENTEST MySQL on windows Sels, Roger (Feb 25)
- <Possible follow-ups>
- Re: PENTEST MySQL on windows Marco Ivaldi (Feb 25)
- FW: PENTEST MySQL on windows Anthony Ruso (Feb 25)