Description
This module can be used to escalate SQL Server user privileges to sysadmin through a web SQL Injection. In order to escalate, the database user must to have the db_owner role in a trustworthy database owned by a sysadmin user. Once the database user has the sysadmin role, the mssql_payload_sqli module can be used to obtain a shell on the system.
The syntax for injection URLs is: /testing.asp?id=1+and+1=[SQLi];--
Module options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
msf > use auxiliary/admin/mssql/mssql_escalate_dbowner_sqlimsf undefined(mssql_escalate_dbowner_sqli) > show actions ...actions...msf undefined(mssql_escalate_dbowner_sqli) > set ACTION < action-name >msf undefined(mssql_escalate_dbowner_sqli) > show options ...show and set options...msf undefined(mssql_escalate_dbowner_sqli) > runPrioritise with Active Threat Intelligence
With curated Threat Intelligence, you can see which vulnerabilities truly put you at risk, prioritize what matters most, and act before attackers do.
Explore Intelligence Hub