How to make Sqlmap obtain administrator rights for database?

Question

I'm using sqlmap to exploit databases in a DVWA-project.

However, after having exploited the database, I executed the following command to learn that the user is dvwa@%:

sqlmap -u "http://192.168.71.130/dvwa/vulnerabilities/sqli/?id=2&Submit=Submit#" -p id --cookie="security=low; PHPSESSID=kikm4b9s9tdk5kq21cs20jt9j1;" --current-user

I'm trying to INSERT something into the tables, with these commands:

sqlmap -u "http://192.168.71.130/dvwa/vulnerabilities/sqli/?id=2&Submit=Submit#" -p id --cookie="security=low; PHPSESSID=kikm4b9s9tdk5kq21cs20jt9j1;" --sql-query="INSERT INTO guestbook (comment,name) VALUES ('foo','bar');"

However, this fails - although a basic SELECT statement works fine.

I guess the dvwa@% user doesn't have privileges to INSERT/UPDATE.

Is it possible for sqlmap to automatically obtain administrator privileges for the database (in this case DVWA)?

Answer 1

1) If you are inserting into a SELECT/UPDATE/DELETE query you can only issue INSERT statements if stacked queries are available (you have to close the original query and start a new SQL statement). This is a limitation of the SQL language.

2) Privilege escalation would require a vulnerability in the database server or one of the stored procedures. Check the server version and look for stored procedures that execute as privileged user (e.g. EXECUTE AS statement in case of SQL Server). After you find a vulnerability you should execute the trigger instructions, which can be problematic if you don't have stacked queries.