Re: PENTEST MySQL on windows

From: AdamT (adwulf_at_gmail.com)
Date: 02/25/05

Next message: rzaluski: "RE: Traceroute"

Previous message: McClure David: "RE: Bypassing NTFS ACL"
In reply to: Anthony Ruso: "PENTEST MySQL on windows"
Next in thread: Tim: "Re: PENTEST MySQL on windows"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 24 Feb 2005 23:01:36 +0000
To: Anthony Ruso <aruso@lgit.com>, pen-test@securityfocus.com

Would you be able to store a binary executable file somewhere in a
MySQL field, and have the server export it to file somewhere in the fs
where you can run it, or where it can be run by an account with higher
privs? eg - c:\winnt\profiles\administrator\start menu\progams\start
up

On Wed, 23 Feb 2005 15:32:21 -0500, Anthony Ruso <aruso@lgit.com> wrote:
> Hi ALL,
>
> Doing a pentest on a site hosting a vulnerable verion of MySQL on a
> Windows box. I was able to get full access to the DB and export ALL the
> data. Anyone have any ideas on jumping to the Windows OS with full
> access to Just the DB.
>
> Thanks
>

-- 
AdamT
"Justify my text?  I'm sorry, but it has no excuse."

Next message: rzaluski: "RE: Traceroute"

Previous message: McClure David: "RE: Bypassing NTFS ACL"
In reply to: Anthony Ruso: "PENTEST MySQL on windows"
Next in thread: Tim: "Re: PENTEST MySQL on windows"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]