Tag Archives | sql injection

sqlmap POST request injection

In the past using sqlmap to perform POST request based SQL injections has always been hit and miss (more often a miss). However I have recently had to revisit this feature and have found it be to much improved. Both in ease of use and accuracy. This is a quick step by step guide to […]

Continue Reading

SQL Injection Recap

During the Christmas break the Internet Storm Center had good coverage on the latest MSSQL based sql injection worm that appears to have infected over 1 million Microsoft based web pages. Recall back in November last year when we published a history of sql injection attacks, and followed that up with a sql injection tutorial. […]

Continue Reading

SQL Injection Scanner List

Coresec.org has an excellent summary of the wide range of SQL Injection scanning tools available from detection to automated exploitation and shells on a plate. Hit the link for the full list – SQL Injection Scanners

Continue Reading

Sqlmap 0.8 Released and Rolled out to HackerTarget.com servers

After discovering the new release of the excellent SQL Injection tool sqlmap I have done some testing and rolled it out to the HackerTarget.com scanning servers. If you are not familiar with the power of sqlmap head over to the sourceforge site for demo videos and some top notch documentation. Our scanning tools are configured […]

Continue Reading

When Neo Hacked the Latvian SRS Database

Movie plots cross into real life in Latvia where a significant security breach has occurred in the hacking of the Latvian SRS Databse. A group of hackers has stirred the nation after hacking into the countries taxation web site and revealing details of the powerful political elites wages and bonuses. One of the hackers used […]

Continue Reading

SQL Injection Demystified

Darkreading has a great article up on SQL Injection. This form of attack has been around for a long time, and happens because of poor dynamic website coding practices. A simple SQL injection vulnerability can often be exploited to gain full access to the database and / or full control of the database server. Now […]

Continue Reading