How I Escalated a Time-Based SQL Injection to RCE

The fundamental issue is as basic as it gets, one of the first attacks many budding hackers learn is ' or 1=1 in a login page. Well this was a SQLi in the username of a login form, taken a little further by enabling xp_cmdshell and gaining code execution. While its not an unheard of attack, it is uncommon to see SQL injection be so directly leveraged for RCE these days.