From: AdamT (adwulf@gmail.com)
Date: Thu Feb 24 2005 - 18:01:36 EST
Would you be able to store a binary executable file somewhere in a
MySQL field, and have the server export it to file somewhere in the fs
where you can run it, or where it can be run by an account with higher
privs? eg - c:\winnt\profiles\administrator\start menu\progams\start
up
On Wed, 23 Feb 2005 15:32:21 -0500, Anthony Ruso <aruso@lgit.com> wrote:
> Hi ALL,
>
> Doing a pentest on a site hosting a vulnerable verion of MySQL on a
> Windows box. I was able to get full access to the DB and export ALL the
> data. Anyone have any ideas on jumping to the Windows OS with full
> access to Just the DB.
>
> Thanks
>
-- AdamT "Justify my text? I'm sorry, but it has no excuse."
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:17 EDT