Archive | Database Hacking



27 June 2006 | 16,237 views

sqlninja 0.1.0alpha – MS-SQL Injection Tool

sqlninja is a little toy that has been coded during a couple of pen-tests done lately and it is aimed to exploit SQL Injection vulnerabilities on web applications that use Microsoft SQL Server as their back-end. It borrows some ideas from similar tools like bobcat, but it is more targeted in providing a remote shell […]



16 June 2006 | 4,495 views

CLR and SQL Server 2005

Microsoft has taken a bit of a leap with the integration of .NET into SQL Server, and a lot of developers (myself included) are worrying about what security implications this could have. DevX.com have taken an in-depth look into the guts of it, and spilled them onto a page for us all to look at. CAS […]



15 June 2006 | 20,484 views

SQL Power Injector v1.1 Released

SQL Power Injector is a graphical application created in .NET 1.1 that helps the penetration tester to inject SQL commands on a web page. For now it is SQL Server, Oracle and MySQL compliant, but it is possible to use it with any existing DBMS when using the inline injection (Normal Mode). Moreover this application […]



01 June 2006 | 3,892 views

My SQL2005 Diary – Part 2

So over a month down the line, our SQL2005 upgrade project should now be in the workable prototype stage. But as with all things that “should” be (more security in IE, Great Britain ruling the world and my kitchen being fitted), it’s not, it’s not even close. On top of this our company is currently undergoing […]



27 April 2006 | 12,722 views

Oracle Releases a Default Password Scanner

Oracle is getting serious with security? Again..? Oracle Corp. has published a collection of software patches that address security vulnerabilities in a range of the company’s products, including its database and application server software. As part of this update, it also released a tool designed to ferret out commonly used default passwords that theoretically could […]



14 April 2006 | 53,986 views

bsqlbf 1.1 – Blind SQL Injection Tool

bsqlbf is a tool for Blind SQL Injection attacks, a pretty nifty one too! The author says there are similar tools about, but he’s tried to combine all the techniques into one compact but complete tool. # CHANGELOG: # -get now support resume (with -start option) # -get to fetch files (thank you ilo AGAIN) […]



11 April 2006 | 3,971 views

Oracle on the Quest for ‘Secure Search’ – Rival for Google Desktop?

A competitor for our buddy Google Desktop perhaps? ORACLE, the world’s third-biggest software maker, has begun selling software that allows users to search only personal data on their work computers such as email, Word documents and calendar appointments. Chief executive Larry Ellison says the California company’s new search program “is one of the biggest […]



01 April 2006 | 16,843 views

P*rn Database Hacked – Buyers Exposed!

Haha, well serves them right, get out and get laid guys. Online payment company iBill on Thursday said a massive cache of stolen consumer data uncovered by security experts did not come from its database. “I’m the first person that would have taken this to the FBI and the first person to have gone on […]



29 March 2006 | 8,877 views

My SQL2005 Diary – Part1

At the place I pretend to work, the time has come that most developers equally fear and love, upgrade time. We’ve been using MSSQL2000 for 90% of our work for about 4 years now, and it’s served us well, but when a change as big as 2005 server comes along, you have to make the […]


