본문 바로가기

SQL INJECTION51

sqlifuzzer: Command Line SQL Injection Web Scanner Features of Sqlifuzzer: Payloads/tests for numeric, string, error and time-based SQL injection Support for MSSQL, MYSQL and Oracle DBMS’s Automated testing of ‘tricky’ parameters like POST URL query and mulipart form parameters A range of filter evasion options: case variation, nesting, double URL encoding, comments for spaces, ‘like’ for ‘equals’ operator, intermediary characters, null and CRLF.. 2012. 4. 17.
Time Based Blind SQL Injection I am not going to talk about Blind SQL injection since this is fully documented across different web sites, check References section at the end of this blog. The reason I am writing this blog is for two main purposes: 1. Bug Hunting: To explain the process I followed to discover a "not-easy-to-find" vulnerability. 2. Exploit form scratch: To release a tool to extract data from the Data base via .. 2012. 3. 20.
False SQL Injection and Advanced Blind SQL Injection ######################################################################### # # # Exploit Title: False SQL injection and advanced blind SQL injection # # Date: 21/12/2011 # # Author: wh1ant # # # ######################################################################### 이 문서는 SQL injection 공격이 웹 방화벽이나 기타 보안 솔루션 방어 우회가 가능하다는걸 공개하기 위해 작성하였다. 한국 웹 방화벽을 대상으로 테스트 한 결과 대부분의 SQL injection 필터링 우회가 가능하였다. 이.. 2011. 12. 30.
SQL Injection Scanning Update - Filter Evasions Detected As we reported in the previous [Honeypot Alert] WordPress/Joomla/Mambo SQL Injection Scanning Detected alert - we have identified an increase in mass SQL Injection scanning targeting various community components. While this scanning is still ongoing, we have identified a slight variation if the attack methodology used. Here are examples from today's web server logs: GET /index.php?option=com_acp.. 2011. 12. 16.
PHP Vulnerability Hunter All testing was performed on Windows XP and Vista using XAMPP. Each target application was installed, then a full scan was performed. Noteworthy log entries revealing exploitable faults are shown followed by the expoit proof of concepts and resulting advisories.Case Study 1: MODx Revolution 2.0.2-plReflected Cross-site Scripting Log EntryAlert Name: Reflected XSS GET /modx/manager/index.php?serv.. 2011. 11. 21.
728x90