Bsqlbf v2.3 In action
Uploaded by on Jul 19, 2009

There is a SQL Injection in a web app. The connection to the database is made as the "scott" (unprivileged) user.

First we run bsqlbf with default parameters and find the username as "scott". Then, when we try to read password hashes, the attack fails because the user scott does not have privs to query the sys.user$ table. So, we do priv escalation with bsqlbf and it returns the password hash of the sys user.

Then we execute an O.S. command. In this case, the database server already had an nc.exe in the C:\ drive, which we used to throw us a reverse shell.
