When we are testing, one of the things that we want to treat as a valuable asset is the databases for our clients. This is where the company usually has most of the data that, if compromised, could cost the company a great amount of revenue. There are a number of different databases that are out there. We will concentrate on only three of them: Microsoft SQL, MySQL, and Oracle.
The MS SQL database has provided us with a number of vulnerabilities over the years, but as the versions of the database became more mature, the vulnerabilities decreased dramatically. We will start off by searching to see whether we can find any database exploits in the Exploit DB site for MS SQL. The results of the search are shown in the following screenshot:
As the previous image shows, we do not have a lot of current exploits against the Microsoft SQL server service itself, but the good news for us is there are applications that are running, and that is usually where we will find the exploitability...