You may have seen my last post related to DNS exfil in a MS-SQL environment using Burp Suite’s Collaborator tool. I had mentioned that spinning up a DNS infrastructure that allows you to perform DNS exfil outside of this tool can be difficult. I was quickly notified…
I had an engagement the other week where I discovered a few instances of Blind SQL Injection in a .NET application with a Microsoft SQL Server (MS-SQL) back-end database system. The underlying account user had “sysadmin” privileges but due to the reservations of my client, I chose…