Skip to content

Instantly share code, notes, and snippets.

james-otten /
Last active Dec 15, 2020
SolarWinds Database Performance Analyzer Various XSS

SolarWinds Database Performance Analyzer Various XSS CVE-2018-16243

James Otten 8/30/2018

All items tested in versions 11.1.468 and 12.0.3074.

Instance 1

  • As a low privileged read only user, navigate to /iwc/<svg/onload=alert(/error_log/)>&type=&pm=P
  • As a privileged user, go to /iwc/ and view the contents of the iwc or error log.
  • XSS experienced.

Keybase proof

I hereby claim:

  • I am james-otten on github.
  • I am jamesotten ( on keybase.
  • I have a public key ASAbhH3qh6bJTEWb6Q-lGcRQsS154onwIZdxXYktue8I9go

To claim this, I am signing this object:

james-otten /
Created Oct 16, 2019
Workflow for adding new nikto tests

Add nikto tests

  • Add new tests nano -L program/databases/udb_tests
  • Test just the new tests ./ -Userdbs tests -Plugins tests -Display V -host
  • Move the new tests to the db cat udb_tests >> db_tests
for DOC in $(find metasploit-framework/documentation -type f -name '*.md'); do
quotes=$(grep -o \`\`\` $DOC | wc -l)
if [ "$(($quotes % 2))" != "0" ]; then
echo $DOC $quotes
james-otten /
Last active Aug 21, 2021
Executing Python inside MSSQL using sp_execute_external_script

Executing Python in MSSQL

MSSQL 2017 includes Microsoft Machine Learning Services, which allows for the execution of Python and R scripts within MSSQL via sp_execute_external_script. This is an expansion of the functionality available in MSSQL 2016, which allowed for the execution of R scripts with SQL Server R Services. Examples of how to abuse this functionality with R scripts are available elsewhere.

To execute Python code:

  • Machine Learning Services (In-Database) and Python must have been selected during installation
  • External scripts must be enabled
    • EXEC sp_configure 'external scripts enabled', 1
    • Restart the database server
  • The user must have EXECUTE ANY EXTERNAL SCRIPT