Archive | Database Hacking



01 December 2011 | 33,285 views

The Mole – Automatic SQL Injection SQLi Exploitation Tool

The Mole is an automatic SQL Injection exploitation tool. Given only a vulnerable URL and a valid string on the site, it can detect the injection and exploit it, using either the union technique or a boolean query based technique. Features: Support for injections using MySQL, SQL Server, Postgres and Oracle databases. Command […]



21 November 2011 | 13,643 views

sqlsus 0.7.1 Released – MySQL Injection & Takeover Tool

sqlsus is an open source MySQL injection and takeover tool, written in Perl. Via a command line interface, you can retrieve the database(s) structure, inject your own SQL queries (even complex ones), download files from the web server, crawl the website for writable directories, upload and control a backdoor, clone the database(s), and much more… Whenever […]



14 November 2011 | 9,092 views

w3af v1.1 Released For Download – Web Application Attack & Audit Framework

w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend. The w3af core and its plugins are fully written in Python. The project has more than 130 plugins, which check for SQL injection, cross […]



27 September 2011 | 8,567 views

MySQL.com Compromised & Spreading Malware

The latest story doing the rounds is that MySQL.com got hacked and was serving malware, which put it on the Google malware block list. It appears to be in the clear now though and it’s accessible again via Google. It seems to be a similar case to that of the recent Linux.com and Kernel.org hacks […]



14 April 2011 | 18,242 views

sqlmap 0.9 Released – Automatic Blind SQL Injection Tool

It’s been a while since we’ve written about sqlmap; the last time was when 0.7 was released back in July 2009 – sqlmap 0.7 Released – Automatic SQL Injection Tool. Well, sqlmap 0.9 has been released and has a considerable number of changes, including an almost entirely re-written SQL Injection detection engine. For those that […]



23 February 2011 | 14,765 views

Acunetix WVS (Web Vulnerability Scanner) 7 Review – Engine & Scanning Improvements

We wrote our first review of Acunetix WVS 6 back in January 2009 and published an update about the release of Acunetix Web Vulnerability Scanner (WVS) 6.5 in June 2009. The team over at Acunetix have been working hard on version 7 for quite some time and released a new build with added features earlier […]



18 January 2011 | 14,405 views

Inguma Is Back – The Penetration Testing & Vulnerability Research Toolkit

Inguma is back and being actively developed again. It’s been quite a long time, far too long in fact. We first reported about Inguma way back in 2007 and our latest mention of it was in March 2008. A new version has just been released almost 3 years later with some major changes and a […]



14 December 2010 | 17,142 views

SQLInject-Finder – Intelligent SQL Injection Detection Script

SQLInject-Finder is a simple Python script that parses through a pcap and looks at the GET and POST request data for suspicious and possible SQL injects. Rules to check for SQL injection can be easily added. Output can be printed neatly on the command line or in tab-delimited format. The output includes: The suspicious […]



12 October 2010 | 8,992 views

Exploit Next Generation SQL Fingerprint (ESF) – MS-SQL Server Fingerprinting Tool

SQL Server fingerprinting can be a time-consuming process. It involves many trial-and-error methods to fingerprint the exact SQL Server version. Intentionally inserting an invalid input to obtain a typical error message or using certain alphabets that are unique for a certain server are two of the ways to possibly fingerprint […]



21 September 2010 | 23,389 views

Havij – Advanced Automated SQL Injection Tool

Havij is an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page. It can take advantage of a vulnerable web application. By using this software, a user can perform back-end database fingerprinting, retrieve DBMS users and password hashes, dump tables and columns, fetch data from the […]


