Original Post: How I Escalated a Time-Based SQL Injection to RCE
This vulnerability was analyzed during Episode 91 on 18 October 2021
The fundamental issue is as basic as it gets: one of the first attacks many budding hackers learn is ' or 1=1
in a login page. Well, this was a SQLi in the username field of a login form, taken a little further by enabling xp_cmdshell
and gaining code execution. While it's not an unheard-of attack, it is uncommon to see SQL injection so directly leveraged for RCE these days.
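To make the root cause concrete, here is an added example (not code from the original post or from the affected application) showing the two halves of the login-form problem: a query that concatenates the username into SQL text, beside the parameterised version that binds it as data. It uses an in-memory SQLite database with a constructed user row, so the MSSQL-specific xp_cmdshell step is not reproduced; the point is that the injection the post describes starts at this query, and the fix is to stop the username from ever being parsed as SQL.

```python
import sqlite3


def make_db():
    """Constructed sample database for the demo (not from the original post)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Builds the statement by string concatenation.

    Whatever the user types into the username field becomes part of the
    SQL text, so a quote character ends the string literal and the rest
    of the input is parsed as SQL. This is the pattern behind the bug.
    """
    sql = (
        "SELECT COUNT(*) FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(sql).fetchone()[0] > 0


def login_fixed(conn, username, password):
    """Parameterised statement: the driver binds the values as data.

    The SQL text is fixed at development time; the username can contain
    quotes, comments or keywords and is still compared as a plain string.
    """
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0


def compare(username, password):
    """Run both implementations on the same input and report the outcome."""
    conn = make_db()
    return {
        "vulnerable": login_vulnerable(conn, username, password),
        "fixed": login_fixed(conn, username, password),
    }


if __name__ == "__main__":
    # Legitimate credentials succeed against both implementations.
    print("valid login:", compare("alice", "correct horse"))
    # The textbook tautology from the post bypasses the concatenated query
    # but is treated as an ordinary (non-existent) username by the fixed one.
    print("tautology:  ", compare("' or 1=1--", "anything"))
```

Parameterisation closes the injection itself; the second layer a practitioner would check is the privilege of the database account the application connects with. xp_cmdshell is disabled by default on SQL Server and enabling it requires sysadmin rights, so an application account without that role turns the escalation the post describes into a much smaller problem.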