Showing posts with label SQL Injection Attacks. Show all posts
Showing posts with label SQL Injection Attacks. Show all posts
Friday, December 31, 2010
Implementing & Preventing SQL Injection Attacks Tutorial -4
This summary is not available. Please
click here to view the post.
Saturday, December 25, 2010
Implementing & Preventing SQL Injection Attacks Tutorial -3
This summary is not available. Please
click here to view the post.
Sunday, December 19, 2010
Implementing & Preventing SQL Injection Attacks Tutorial -2
In the previous post, we have seen a basic sql attack structure. In this site, we will understand - how to find sql attack vulnerable site. To find SQL vulnerable sites, we can use google. We search for a specific strings in google to get sites which are revealing some information about the site. Such strings are called 'Google Dorks'. After that, we will check whether the site is vulnerable or not.
Most of these Dorks are found in .php sites.
Most of these Dorks are found in .php sites.
Saturday, December 18, 2010
Implementing & Preventing SQL Injection Attacks Tutorial -1
SQL Injection attacks are one the most well known penetration attacks. Major id theft/credit card/bank theft are conducted through SQL injection attacks. It's easy to implement & if you are well versed with sql syntax. SQL injection attacks are carried on by injecting dangerous SQL queries in the sql database of a site/organisation to make it to fetch sensitive/classified collection of data which may be username & password or email address or credit card no.
Sunday, October 10, 2010
Microsoft SQL Server Fingerprinting Tools
SQL Server fingerprinting is an essential step before performing any kind of penetration testing on database servers. There are two well known tools for Microsoft SQL Server Fingerprinting.
SQLPing 3.0 performs both active and passive scans of your network in order to identify all of the SQL Server/MSDE installations in your enterprise. Due to the proliferation of personal firewalls, inconsistent network library configurations, and multiple-instance support, SQL Server installations are becoming increasingly difficult to discover, assess, and maintain. SQLPing 3.0 is designed to remedy this problem by combining all known means of SQL Server/MSDE discovery into a single tool which can be used to ferret-out servers you never knew existed on your network so you can properly secure them. .NET Framework v2.0 Required.
SQLVer has been built to utilise the same techniques as SQLPing.NET 1.3 beta, however, does not actually use a UDP packet sent to port 1434 packet to enumerate the MS SQL server version info. This tool in fact uses TCP port 1433 instead.
ESF is a modern tool, it help identifying granular level findings to further exploit database. ESF works for these versions:
The strengths of Exploit Next Generation SQL Fingerprint are:
SQLPing 3.0 performs both active and passive scans of your network in order to identify all of the SQL Server/MSDE installations in your enterprise. Due to the proliferation of personal firewalls, inconsistent network library configurations, and multiple-instance support, SQL Server installations are becoming increasingly difficult to discover, assess, and maintain. SQLPing 3.0 is designed to remedy this problem by combining all known means of SQL Server/MSDE discovery into a single tool which can be used to ferret-out servers you never knew existed on your network so you can properly secure them. .NET Framework v2.0 Required.
SQLVer has been built to utilise the same techniques as SQLPing.NET 1.3 beta, however, does not actually use a UDP packet sent to port 1434 packet to enumerate the MS SQL server version info. This tool in fact uses TCP port 1433 instead.
ESF is a modern tool, it help identifying granular level findings to further exploit database. ESF works for these versions:
- Microsoft SQL Server 2000
- Microsoft SQL Server 2005
- Microsoft SQL Server 2008
The strengths of Exploit Next Generation SQL Fingerprint are:
- uses both TCP and UDP protocols
- capable to identify multiple Microsoft SQL Server instances and their TCP communication ports.
- does not require any authentication method to identify the Microsoft SQL Server version.
- uses probabilistic algorithm to identify the Microsoft SQL Server version, combining both TCP and UDP fingerprint.
Subscribe to:
Posts (Atom)