Archive | Database Hacking

Advertisements


13 July 2007 | 18,197 views

FG-Injector – SQL Injection & Proxy Tool

FG-Injector Framework is a set of tools designed to help find SQL injection vulnerabilities in web applications, and help the analyst assess their severity. It includes a powerful proxy feature for intercepting and modifying HTTP requests, and an inference engine for automating SQL injection exploitation. Often web developers think that by disabling error messages in […]

Continue Reading


09 July 2007 | 10,777 views

sqlget v1.0.0 – Blind SQL Injection Tool in PERL

sqlget is a blind SQL injection tool developed in Perl, it lets you get databases schemas and tables rows. Using a single GET/POST you can access quietly the database structure and using a single GET/POST you can dump every table row to a csv-like file. Databases supported: IBM DB2 Microsoft SQL Server Oracle Postgres Mysql […]

Continue Reading


29 June 2007 | 10,040 views

OAPScan – Oracle Application Server Scanner

We got an e-mail a while back about this new and apparently simple Oracle Application Server scanner. It detects web pages, DADs (Database Access Descriptors) and test applications installed by default. It may be useful for system hardening and pen-test. You can download OAPScan here: OAPScan.tar.gz

Continue Reading


22 June 2007 | 12,938 views

sqlninja 0.1.2 Released for Download – SQL Injection Tool

sqlninja is a tool to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide a remote shell on the vulnerable DB server, even in a very hostile environment. It should be used by penetration testers to help and automate the process of […]

Continue Reading


08 June 2007 | 25,572 views

Priamos Project – SQL Injector and Scanner

PRIAMOS is a powerful SQL Injector & Scanner You can search for SQL Injection vulnerabilities and inject vulnerable string to get all Database names, Tables and Column data with the injector module. You should only use PRIAMOS to test the security vulnerabilities of your own web applications (obviously). The first release of PRIAMOS contain only […]

Continue Reading


05 June 2007 | 39,999 views

SQLBrute – SQL Injection Brute Force Tool

SQLBrute is a tool for brute forcing data out of databases using blind SQL injection vulnerabilities. It supports time based and error based exploit types on Microsoft SQL Server, and error based exploit on Oracle. It is written in Python, uses multi-threading, and doesn’t require non-standard libraries (there is some code in there for pycurl, […]

Continue Reading


30 May 2007 | 21,947 views

OWASP – SQLiX Project – SQL Injection Scanner

SQLiX, coded in Perl, is a SQL Injection scanner, able to crawl, detect SQL injection vectors, identify the back-end database and grab function call/UDF results (even execute system commands for MS-SQL). The concepts in use are different than the one used in other SQL injection scanners. SQLiX is able to find normal and blind SQL […]

Continue Reading


16 May 2007 | 20,538 views

Comprehensive SQL Injection Cheat Sheet

A reader e-mailed me a while ago about a fairly comprehensive SQL Injection ‘Cheat Sheet’ they had created and posted up. I compared it to the other ones I had bookmarked, and it was different enough to be worth posting. Currently only for MySQL and Microsoft SQL Server, some ORACLE and some PostgreSQL. Most of […]

Continue Reading


24 November 2006 | 3,886 views

Oracle MEGA Patch Fixes 101 Security Bugs

Oracle in its very own style recently published a mega patch, it could be called the mother of all patches. Actually 101 bugs…the scary part is 45 can be exploited remotely. Oracle published the mother of all security patches containing 101 fixes for flaws in its database, application server, E-Business Suite and PeopleSoft and JD […]

Continue Reading


28 October 2006 | 17,742 views

BobCat SQL Injection Tool based on Data Thief

BobCat is a tool to aid a security consultant in taking full advantage of SQL injection vulnerabilities. It is based on a tool named “Data Thief” that was published as PoC by appsecinc. BobCat can list the linked severs, database schema, and allow the retrieval of data from any table that the current application user […]

Continue Reading


Advertisements