Archive | Database Hacking


23 March 2009 | 10,309 views

sqlsus 0.2 Released – MySQL Injection & Takeover Tool

sqlsus is an open source MySQL injection and takeover tool, written in Perl. Via a command line interface that mimics a mysql console, you can retrieve the database structure, inject a SQL query, download files from the web server, upload and control a backdoor, and much more… It is designed to maximize the amount of [...]



10 February 2009 | 5,321 views

Kaspersky Lab Alleged Customer Database Hack From SQL Injection Flaw

The latest big news is that on February 6th the Kaspersky Customer Records database was hacked through a simple SQL injection flaw on the website. The hacker claimed it was possible to expose all customer data including users, activation codes, lists of bugs, admins, shot and so on. The anonymous hacker hasn’t actually posted any [...]



20 January 2009 | 14,776 views

Acunetix Web Vulnerability Scanner 6 Review

As you might know if you’ve been reading for some time, I do occasionally review commercial software if it’s interesting and relevant – the last one I remember doing was back in 2007 “Outpost Security Suite PRO Review“. This time it’s for a much more relevant piece of software IMHO, and one which I actually [...]



06 January 2009 | 20,773 views

WITOOL v0.1 – GUI Based SQL Injection Tool in .NET

WITOOL is a graphical SQL Injection Tool written in dotNET. – For SQL Server, Oracle – Error Base and Union Base Interface Features Retrieve schema : DB/TableSpace, Table, Column, other object Retrieve data : retrieve paging, dump xml file Log : View the raw data HTTP log Environment OS: Windows 2000/XP/VISTA Requirement: Microsoft .NET(2.0) [...]



23 December 2008 | 6,717 views

Microsoft Warns of Serious MS-SQL 2000 & 2005 Vulnerability

Another big flaw has been discovered in Microsoft software just a few days after they broke their patch cycle to issue a patch for the IE bug that allowed remote code execution. This time however it doesn’t really affect home users or the general consumer, it’s a more specific server side vulnerability affecting Microsoft SQL [...]



22 December 2008 | 10,701 views

MultiInjector v0.3 Released – Automatic SQL Injection and Defacement Tool

You might remember a while ago we posted about MultiInjector which claims to be the first configurable automatic website defacement tool, it got quite a bit of interest and shortly after that it was updated. Anyway, good or bad I think people deserve to know what is out there. Features Receives a list of URLs as [...]



18 December 2008 | 6,561 views

sqlmap 0.6.3 Released – Automatic SQL Injection Tool

sqlmap is an automatic SQL injection tool developed in Python. Its goal is to detect and take advantage of SQL injection vulnerabilities on web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back end database management system [...]



12 December 2008 | 6,359 views

sapyto v0.98 Released – SAP Penetration Testing Framework Tool

sapyto is the first SAP Penetration Testing Framework, sapyto provides support to information security professionals in SAP platform discovery, investigation and exploitation activities. sapyto is periodically updated with the outcome of the deep research on the various security aspects in SAP systems. Although sapyto is a versatile and powerful tool, it is of major importance [...]



05 November 2008 | 11,685 views

MultiInjector – Automated Stealth SQL Injection Tool

MultiInjector claims to be the first configurable automatic website defacement software, I’m not sure if that’s a good thing – or a bad thing. But well here it is anyway. Features Receives a list of URLs as input Recognizes the parameterized URLs from the list Fuzzes all URL parameters to concatenate the desired payload once an [...]



29 October 2008 | 7,909 views

Google Hacking Back in The News – Google Takes Action

Google hacking was the big thing back in 2004, I actually did a talk on it in Hack in the Box 2004, it’s resurfaced again as a serious threat with Google noticing more queries relating to things like social security numbers. The Google Hacking Database has been active for years now and there are hundreds [...]
