lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu Nov 17 18:05:21 2005 From: roman at rs-labs.com (Roman Medina-Heigl Hernandez) Subject: Framework for the aid of exploiting SQL injection Hi, Is there any recommended tool which helps to get databases tables, entries, structure, etc, given a particular SQL injection bug in one application? I mean, it should *automatically* try different sentences to figure out the names of the columns and in general, other useful info from the database. Perhaps a PoC of some of NGSSoftware's papers or a more elaborated tool... I'd like to hear from you what's the state of the art in this very particular web-appsec field (so feel free to talk about tools oriented to different database flavours, if you want: SQL Server, Oracle, MySQL, Access, etc...). Thanks. PD: For God's sake, don't continue feeding non-sense threads like the former Netdev's related flamewar. The best thing you can do is to ignore them. -- Saludos, -Roman PGP Fingerprint: 09BB EFCD 21ED 4E79 25FB 29E1 E47F 8A7D EAD5 6742 [Key ID: 0xEAD56742. Available at KeyServ]
Powered by blists - more mailing lists