
Support to run a query as another DB user

Open bdamele opened this issue 13 years ago • 4 comments

When stacked queries are supported, use OPENROWSET (MSSQL) and dblink() (PostgreSQL) to run a statement as a different user (e.g. a higher-privileged user, for instance after a password cracking attack).

The same library code can be used in ticket #31.

bdamele, Jun 26 '12 15:06

First rough implementation in commit 66979270983a9659827d86b30fedfc5b6508e5e3 (forgot to reference this issue in the commit message)

bdamele, Jul 02 '12 01:07

Done for MSSQL.

bdamele, Jul 09 '12 15:07

As of PostgreSQL 9.1, the dblink() function is still in the contrib folder and not packaged by default:

[...] modules that can be found in the contrib directory of the PostgreSQL distribution. These include porting tools, analysis utilities, and plug-in features that are not part of the core PostgreSQL system [...]

It requires the DBA to manually compile PostgreSQL and run the dblink.sql statement to create the function before it is usable.

Hence, shall we support it despite there being very little chance we ever find it available? Comments are welcome.

bdamele, Jul 12 '12 09:07

Currently Google shows 135.000 results for the search query: dblink postgresql. That doesn't say anything, but if the task is not too hard to accomplish, it wouldn't be something totally lacking practical usage.

stamparm, Jul 12 '12 10:07