Return to forum

Wolfy999 · April 2, 2022 at 11:00 AM

Hi,

I know of a vulnerable site, using blind boolean based technique you can exploit the db. It works with sql map but due to the nature of the technique, it takes forever.

I have tried sqli dumper but it doesn't seem to pick it up, even if i try and manually configure it.

Could anyone advise a better way of dumping this? Happy to share the db if successful

onlyengilsh · April 5, 2022 at 7:38 AM

With boolean based blind did you verify what are the privileges for the current database and user instead of dumping data?

Wolfy999 · April 7, 2022 at 7:25 PM

(April 5, 2022, 07:38 AM)onlyengilsh Wrote: With boolean based blind did you verify what are the privileges for the current database and user instead of dumping data?

I can't find the address of the database, I have found the origin ip of the webserver but it isn't running ms-sql, Im currently trying to find that then will look into attempting to connect directly to the database, any suggestions for finding a way to remote connect?

The version is ms msql server 2012 11.0.2, so may even be able to exploit it with a CVE

INTERPOL · October 8, 2022 at 7:37 PM

The thread is few months old but this might help in some cases
DNS Exfiltration through Blind SQL Injection in a MS-SQL Environment Using Burp Collaborator

kellertag · November 12, 2022 at 3:07 PM

niiice workkkkkk