Comments (4)
rapid7/metasploit-framework#976
from sqlmap.
Proposed enhancements to MSSQL enumeration:
- Add support for linked server enumeration:
- Proposed cmd:
--links
- Example method:
SELECT srvname FROM master..sysservers
- Add support for schema enumeration on linked servers:
- Proposed cmd:
-S _LINKEDSERVER_ --dbs
- Example method:
SELECT name FROM _LINKEDSERVER_.master.sys.databases
- Add support for sql shell on linked servers.
More info: https://blog.netspi.com/how-to-hack-database-links-in-sql-server/
Thoughts?
from sqlmap.
@lukapusic doable... though, only MsSQL as I can see. So, introducing too many new options for just one DBMS is a coding anti-pattern in sqlmap
from sqlmap.
+1 for this. I've had lots of success pillaging through DB links.
FWIW, database links aren't limited to just MSSQL. Oracle has them as well. https://docs.oracle.com/html/E25494_01/ds_concepts002.htm
from sqlmap.
Related Issues (20)
- union-based injection HOT 1
- anti-CSRF token 'XSRF-TOKEN' can't be found at HOT 1
- Slow boolean-based blind data extraction Jeddah HOT 1
- unable to retrieve the number of entries for table HOT 3
- what is the problem
- suspended (tty output) python sqlmap.py -u HOT 1
- How to extract database contents quickly HOT 1
- Eval for second order HOT 1
- Please help HOT 2
- cant fetch the tables from the database HOT 2
- Output As JSON Without API Mode HOT 3
- SQLMAP wasn't able to detect MS SQLI HOT 4
- Assistance Needed with Sqlmap Security Product HOT 2
- Triple base64encode HOT 2
- SQLMAP wasn't able to detect PostgreSQL HOT 1
- Csrf-token not set when data in json format. HOT 17
- Send raw binary data to `postprocess` function HOT 1
- Can someone help me? [WARNING] HTTP error codes detected during run: 406 (Not Acceptable) - 6 times HOT 2
- Two suggestions to reduce false positives
- GHAURI VS SQLMAP ?? HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from sqlmap.