Apr 24, 2013

Sophie – a web SQL shell [IIS Shell]

If you can exploit a flaw to upload files to an executable directory in an IIS environment, there are plenty of web shells around (some of which may be trojaned but that’s another issue) to give you an interactive command prompt via your browser. If the application makes use of a MS-SQL database, the same flaw can be used to upload Sophie, a “web SQL shell”, giving you access to the database via your browser as well:

Source: http://www.exploresecurity.com/?p=38

If you like my blog, Please Donate Me
Or Click The Banner For Support Me.