Tag Archive | "sql-injection"


30 May 2007 | 21,865 views

OWASP – SQLiX Project – SQL Injection Scanner

SQLiX, coded in Perl, is a SQL Injection scanner, able to crawl, detect SQL injection vectors, identify the back-end database and grab function call/UDF results (even execute system commands for MS-SQL). The concepts in use are different than the one used in other SQL injection scanners. SQLiX is able to find normal and blind SQL […]

Continue Reading

16 May 2007 | 20,532 views

Comprehensive SQL Injection Cheat Sheet

A reader e-mailed me a while ago about a fairly comprehensive SQL Injection ‘Cheat Sheet’ they had created and posted up. I compared it to the other ones I had bookmarked, and it was different enough to be worth posting. Currently only for MySQL and Microsoft SQL Server, some ORACLE and some PostgreSQL. Most of […]

Continue Reading

27 March 2007 | 4,793 views

JBroFuzz 0.5 from OWASP – Stateless Network Protocol Fuzzer

OWASP JBroFuzz is a stateless network protocol fuzzer that emerged from the needs of penetration testing. Written in Java, it allows for the identification of certain classess of security vulnerabilities, by means of creating malformed data and having the network protocol in question consume the data. The purpose of this application is to provide a […]

Continue Reading

17 February 2007 | 15,027 views

sqlmap – Automated Blind SQL Injection Tool

sqlmap is an automatic blind SQL injection tool, developed in python, capable of enumerating an entire remote database, performing an active database fingerprint and much more. The aim of this project is to implement a fully functional database mapper tool which takes advantages of web application programming security flaws which lead to SQL injection vulnerabilities. […]

Continue Reading

28 October 2006 | 17,650 views

BobCat SQL Injection Tool based on Data Thief

BobCat is a tool to aid a security consultant in taking full advantage of SQL injection vulnerabilities. It is based on a tool named “Data Thief” that was published as PoC by appsecinc. BobCat can list the linked severs, database schema, and allow the retrieval of data from any table that the current application user […]

Continue Reading

23 October 2006 | 10,687 views

The Top 5 Causes of Data Loss

An interesting enough article, but if you work in infosec you could probably guess the topics anyway. In a key step to help businesses better understand and protect themselves against the risks of fraud, Visa USA and the U.S. Chamber of Commerce announced the five leading causes of data breaches and offered immediate, specific prevention […]

Continue Reading

08 August 2006 | 5,078 views

Cyberwar Efforts Step-Up – NASA Sites Hacked

Ah cyberwar, cyber terrorism, efforts are ramping up, more sites are going down. The war in Lebanon is now showing its consequences in the digital world and a huge number of websites has been attacked and defaced as a protest against the invasion of Lebanon by Israel. Today two NASA websites were attacked as well. […]

Continue Reading

04 July 2006 | 39,242 views

Absinthe Blind SQL Injection Tool/Software

Absinthe is a gui-based tool that automates the process of downloading the schema & contents of a database that is vulnerable to Blind SQL Injection. Absinthe does not aid in the discovery of SQL Injection holes. This tool will only speed up the process of data recovery. Features: Automated SQL Injection Supports MS SQL Server, […]

Continue Reading

27 June 2006 | 16,241 views

sqlninja 0.1.0alpha – MS-SQL Injection Tool

sqlninja is a little toy that has been coded during a couple of pen-tests done lately and it is aimed to exploit SQL Injection vulnerabilities on web applications that use Microsoft SQL Server as their back-end. It borrows some ideas from similar tools like bobcat, but it is more targeted in providing a remote shell […]

Continue Reading

15 June 2006 | 20,489 views

SQL Power Injector v1.1 Released

SQL Power Injector is a graphical application created in .Net 1.1 that helps the penetrating tester to inject SQL commands on a web page. For now it is SQL Server, Oracle and MySQL compliant, but it is possible to use it with any existing DBMS when using the inline injection (Normal Mode). Moreover this application […]

Continue Reading

Popular Tags

computer-security · darknet · exploits · fuzzing · google · hacking · hacking-networks · hacking-websites · hacking-windows · hacking tool · Hacking Tools · information gathering · malware · microsoft · network-security · Network Hacking · Password Cracking · penetration-testing · Phishing · Privacy · Python · scammers · Security · Security Software · spam · spammers · sql-injection · trojan · trojans · virus · viruses · vulnerabilities · web-application-security · web-security · Web Hacking · windows · windows-security · Windows Hacking · worms · XSS ·