We can also run SQL-based queries against the target database server using the mssql_sql module. Setting the SQL option to any valid database query will execute it, as shown in the following screenshot:
We set the SQL parameter to select @@version. The database server ran the query successfully, and we got the version of the database.
Therefore, following the preceding procedures, we can test out various databases for vulnerabilities using Metasploit.