One Click Ownage

13-7-2009

I’ve been keeping this under my desk for ages now. It’s been about 6 months since I came up with a practical exploitation of this idea and even developed an application to automate the scanning and exploitation process.

This attack is all about SQL Injection for lazy minds. One of the classical SQL Injection attacks in SQL Server – SA connections is obviously trying to get reverse shell from the target database. There are some ways to do it, like sending hundreds of requests or using PERL scripts, executables etc. I didn’t like the current approach and decided to find a better way to deal with it.

I think I came up with the holy grail of the this attack. One request to get a reverse shell, can’t get any better than that. You can copy paste it, you can stick it into an src attribute of an img tag to carry out a CSRF attack etc.

Recent Blog Posts

See all of the blog posts