lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sun Nov 20 03:58:53 2005
From: nummish at gmail.com (nummish)
Subject: Framework for the aid of exploiting SQL
	injection

Absinthe (www.0x90.org/releases/absinthe<http://www.0x90.org/releases/absinthe>)
might do some of what you are describing. It works via blind injection
against MS SQL, Oracle and Postgres it also has the ability to work via
error pages (which is faster) for MS SQL server to a limited extent.

On 11/17/05, Roman Medina-Heigl Hernandez <roman@...labs.com> wrote:
>
> Hi,
>
> Is there any recommended tool which helps to get databases tables,
> entries, structure, etc, given a particular SQL injection bug in one
> application? I mean, it should *automatically* try different sentences
> to figure out the names of the columns and in general, other useful info
> from the database. Perhaps a PoC of some of NGSSoftware's papers or a
> more elaborated tool... I'd like to hear from you what's the state of
> the art in this very particular web-appsec field (so feel free to talk
> about tools oriented to different database flavours, if you want: SQL
> Server, Oracle, MySQL, Access, etc...).
>
> Thanks.
>
> PD: For God's sake, don't continue feeding non-sense threads like the
> former Netdev's related flamewar. The best thing you can do is to ignore
> them.
>
> --
>
> Saludos,
> -Roman
>
> PGP Fingerprint:
> 09BB EFCD 21ED 4E79 25FB 29E1 E47F 8A7D EAD5 6742
> [Key ID: 0xEAD56742. Available at KeyServ]
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>



--
Bigger 1:23
This address if for mailing list traffic only.
Please direct non-list correspondence to 0x90.org <http://0x90.org>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20051119/91d05c07/attachment.html

Powered by blists - more mailing lists