Archive | Database Hacking


19 June 2009 | 11,231 views

Acunetix Web Vulnerability Scanner (WVS) 6.5 Released

You may remember a while back we did a Review of Acunetix Web Vulnerability Scanner 6 – the very full featured web vulnerability scanning software. Well the latest version has been released recently with some updates, bug fixes and improvements on the web application security front. I’m hoping to try out the AcuSensor on a […]

Continue Reading


13 May 2009 | 72,152 views

Pangolin – Automatic SQL Injection Tool

Pangolin is an automatic SQL injection penetration testing tool developed by NOSEC. Its goal is to detect and take advantage of SQL injection vulnerabilities on web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management […]

Continue Reading


23 March 2009 | 10,338 views

sqlsus 0.2 Released – MySQL Injection & Takeover Tool

sqlsus is an open source MySQL injection and takeover tool, written in perl. Via a command line interface that mimics a mysql console, you can retrieve the database structure, inject a SQL query, download files from the web server, upload and control a backdoor, and much more… It is designed to maximize the amount of […]

Continue Reading


10 February 2009 | 5,328 views

Kaspersky Lab Alleged Customer Database Hack From SQL Injection Flaw

The latest big news is that on February 6th the Kaspersky Customer Records database was hacked through a simple SQL injection flaw on the website. The hacker claimed it was possible to expose all customer data including users, activation codes, lists of bugs, admins, shot and so on. The anonymous hacker hasn’t actually posted any […]

Continue Reading


20 January 2009 | 14,893 views

Acunetix Web Vulnerability Scanner 6 Review

As you might know if you’ve been reading for some time, I do occasionally review commercial software if it’s interesting and relevant – the last one I remember doing was back in 2007 “Outpost Security Suite PRO Review“. This time it’s for a much more relevant piece of software IMHO, and one which I actually […]

Continue Reading


06 January 2009 | 20,868 views

WITOOL v0.1 – GUI Based SQL Injection Tool in .NET

WITOOL is an graphical based SQL Injection Tool written in dotNET. – For SQL Server, Oracle – Error Base and Union Base Interface Features Retrieve schema : DB/TableSpace, Table, Column, other object Retrieve data : retrive paging, dump xml file Log : View the raw data HTTP log Environment OS: Windows 2000/XP/VISTA Requirement: Microsoft .NET(2.0) […]

Continue Reading


23 December 2008 | 6,726 views

Microsoft Warns of Serious MS-SQL 2000 & 2005 Vulnerability

Another big flaw has been discovered in Microsoft software just a few days after they broke their patch cycle to issue a patch for the IE bug that allowed remote code execution. This time however it doesn’t really effect home users or the general consumer, it’s a more specific server side vulnerability affecting Microsoft SQL […]

Continue Reading


22 December 2008 | 10,888 views

MultiInjector v0.3 Released – Automatic SQL Injection and Defacement Tool

You might remember a while ago we posted about MultiInjector which claims to the first configurable automatic website defacement tool, it got quite a bit of interest and shortly after that it was updated. Anyway, good or bad I think people deserve to know what is out there. Features Receives a list of URLs as […]

Continue Reading


18 December 2008 | 6,574 views

sqlmap 0.6.3 Released – Automatic SQL Injection Tool

sqlmap is an automatic SQL injection tool developed in Python. Its goal is to detect and take advantage of SQL injection vulnerabilities on web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back end database management system […]

Continue Reading


12 December 2008 | 6,464 views

sapyto v0.98 Released – SAP Penetration Testing Framework Tool

sapyto is the first SAP Penetration Testing Framework, sapyto provides support to information security professionals in SAP platform discovery, investigation and exploitation activities. sapyto is periodically updated with the outcome of the deep research on the various security aspects in SAP systems. Although sapyto is a versatile and powerful tool, it is of major importance […]

Continue Reading