|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: PENTEST MySQL on windows
From: AdamT (adwulf
gmail.com)
Date: Thu Feb 24 2005 - 17:01:36 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Would you be able to store a binary executable file somewhere in a
MySQL field, and have the server export it to file somewhere in the fs
where you can run it, or where it can be run by an account with higher
privs? eg - c:\winnt\profiles\administrator\start menu\progams\start
up
On Wed, 23 Feb 2005 15:32:21 -0500, Anthony Ruso <arusolgit.com> wrote:
> Hi ALL,
>
> Doing a pentest on a site hosting a vulnerable verion of MySQL on a
> Windows box. I was able to get full access to the DB and export ALL the
> data. Anyone have any ideas on jumping to the Windows OS with full
> access to Just the DB.
>
> Thanks
>
--
AdamT
"Justify my text? I'm sorry, but it has no excuse."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]