Published on February 14th, 2009

Fast-Track SQL Injector POST Attack


The Microsoft SQL Injector exploits SQL injection against Microsoft SQL Server by calling the xp_cmdshell stored procedure. The MSSQL injector is used once you have found a SQL-injectable site; it attempts to give you a reverse command shell on the system. The SQL injector uses a unique payload delivery system based on what are called Binary to Hex payloads: it converts our payload to hexadecimal, sends it to the remote system, and uses Windows debug to convert it back to a binary for us. This allows us to deliver our payloads without making any egress connections until the actual payload is on the system and executed. The SQL injector supports query string parameters and POST parameters.
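Because the delivery described above passes through both query string and POST parameters and relies on xp_cmdshell with hex-encoded content, a defender can look for that combination in captured request data. The following is an added example, not part of Fast-Track or the original page; the sample requests, the function names and the 32-byte hex threshold are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote_plus

XP_CMDSHELL = re.compile(r"xp_cmdshell", re.IGNORECASE)
HEX_RUN = re.compile(r"(?:[0-9a-f]{2}[ ,]?){32,}", re.IGNORECASE)  # >= 32 hex bytes

# Constructed sample requests (method, query string, POST body); not real traffic.
SAMPLE_REQUESTS = [
    ("GET", "id=42&sort=name", ""),
    ("GET", "id=42%3BEXEC%20master..xp_cmdshell%20%27CMD%27--", ""),
    ("POST", "", "user=alice&token=" + "ab" * 32),
    ("POST", "", "user=a%27%3Bexec+xp_cmdshell+%27echo+" + "41" * 64 + "%27--"),
    ("POST", "", "q=1%253Bexec%2520XP%255FCMDSHELL%2520%2527CMD%2527"),
]

def classify(value):
    """Return a rule name for one decoded parameter value, or None if clean."""
    value = unquote_plus(value)  # second pass catches double-encoded input
    if not XP_CMDSHELL.search(value):
        return None  # hex alone (hashes, tokens) is not flagged
    return "xp_cmdshell+hex-payload" if HEX_RUN.search(value) else "xp_cmdshell"

def inspect_request(method, query, body):
    """Check every query-string and POST parameter; return a list of findings."""
    findings = []
    for source, raw in (("query", query), ("post", body)):
        # parse_qsl performs the first URL-decoding pass
        for name, value in parse_qsl(raw, keep_blank_values=True):
            rule = classify(value)
            if rule:
                findings.append((method, source, name, rule))
    return findings

def scan(requests):
    """Flatten findings for a batch of requests."""
    return [f for req in requests for f in inspect_request(*req)]

if __name__ == "__main__":
    for finding in scan(SAMPLE_REQUESTS):
        print(finding)
```

POST bodies are usually absent from default web server access logs, so this check only covers the POST case when request bodies are captured by a WAF, reverse proxy or application-level logging.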
