Archives of #sql injection

sqlmap POST request injection

In the past, using sqlmap to perform POST request based SQL injections has always been hit and miss (more often a miss). However, I have recently had to revisit this feature and have found it to be much improved, both in ease of use and accuracy. This is a quick step by step guide to […]

SQL Injection Recap

During the Christmas break the Internet Storm Center had good coverage on the latest MSSQL based SQL injection worm that appears to have infected over 1 million Microsoft based web pages. Recall back in November last year when we published a history of SQL injection attacks, and followed that up with a SQL injection tutorial. […]

SQL Injection Scanner List

Coresec.org has an excellent summary of the wide range of SQL Injection scanning tools available, from detection to automated exploitation and shells on a plate. Sqlninja (http://sqlninja.sourceforge.net/): Supports only Microsoft SQL Server. sqlmap (http://sqlmap.sourceforge.net/): Full support: MySQL, Oracle, PostgreSQL and Microsoft SQL Server. Partial support for: Microsoft Access, DB2, Informix, Sybase […]

Sqlmap 0.8 Released and Rolled out to HackerTarget.com servers

After discovering the new release of the excellent SQL Injection tool sqlmap, I have done some testing and rolled it out to the HackerTarget.com scanning servers. If you are not familiar with the power of sqlmap, head over to the SourceForge site for demo videos and some top notch documentation. Our scanning tools are configured […]

When Neo Hacked the Latvian SRS Database

Movie plots cross into real life in Latvia, where a significant security breach has occurred in the hacking of the Latvian SRS Database. A group of hackers has stirred the nation after hacking into the country's taxation web site and revealing details of the powerful political elite's wages and bonuses. One of the hackers used […]

SQL Injection Demystified

Darkreading has a great article up on SQL Injection. This form of attack has been around for a long time, and happens because of poor dynamic website coding practices. A simple SQL injection vulnerability can often be exploited to gain full access to the database and/or full control of the database server. Now […]

Sqlmap 0.7 released and added to HackerTarget.com sqli scan option

Bernardo Damele A. G. has released the latest update to sqlmap 0.7 and it is fast becoming the leading SQL injection tool for penetration testing. A Python based script that can give you full shell access amongst other things on an SQL injection exploitable host. This is a must have on a web application pentest. […]