sqlget is a blind SQL injection tool developed in Perl, it lets you get databases schemas and tables rows. Using a single GET/POST you can access quietly the database structure and using a single GET/POST you can dump every table row to a csv-like file. Databases supported: IBM DB2 Microsoft SQL Server Oracle Postgres Mysql […]
Database Hacking
OAPScan – Oracle Application Server Scanner
[ad] We got an e-mail a while back about this new and apparently simple Oracle Application Server scanner. It detects web pages, DADs (Database Access Descriptors) and test applications installed by default. It may be useful for system hardening and pen-test. You can download OAPScan here: OAPScan.tar.gz
sqlninja 0.1.2 Released for Download – SQL Injection Tool
[ad] sqlninja is a tool to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide a remote shell on the vulnerable DB server, even in a very hostile environment. It should be used by penetration testers to help and automate the process […]
Priamos Project – SQL Injector and Scanner
[ad] PRIAMOS is a powerful SQL Injector & Scanner You can search for SQL Injection vulnerabilities and inject vulnerable string to get all Database names, Tables and Column data with the injector module. You should only use PRIAMOS to test the security vulnerabilities of your own web applications (obviously). The first release of PRIAMOS contain […]
Comprehensive SQL Injection Cheat Sheet
A reader e-mailed me a while ago about a fairly comprehensive SQL Injection Cheat Sheet they had created and posted up. I compared it to the other ones I had bookmarked, and it was different enough to be worth posting. Currently only for MySQL and Microsoft SQL Server, some ORACLE and some PostgreSQL. Most of […]