xp_cmdshell as dbo user only able to run ‘ping localhost’ to verify RCE?
I am doing a pentest on a client’s ASP web application and I have identified a blind SQL injection. However, after enabling xp_cmdshell, I am only able to run the ping localhost command to verify the RCE, which has a 3-second delay. I also… Continue reading xp_cmdshell as dbo user only able to run ‘ping localhost’ to verify RCE?