Quite frequently when I pentest, I come across time-based blind SQL injection points and find that the user is never the DBA. This means I cannot access any data or get the admin's password. I'm not sure if I can execute system commands, as I have not tried it, but does anyone know any way around this problem? Cuz it's a lot better when I can tell the website admin "Here's all of your data" vs "You have a vulnerability".
The article linked below might be helpful for you:

In this excellent article, Mark Baggett covers a technique he's implemented in a brand new tool for making blind SQL injection penetration testing and ethical hacking far more efficient using dynamic character frequency tables. The article describes his approach, covers a new tool he's created, and features a video demo. Awesome stuff for a penetration tester's toolbox, Mark! --Ed

http://pen-testing.sans.org/blog/2011/10/31/making-blind-sql-injection-more-efficient-new-tool#