Message-ID: <08ab01c5eba3$9ed82850$2500a8c0@ngssoftware.com>
Date: Thu Nov 17 18:20:50 2005
From: davidl at ngssoftware.com (David Litchfield)
Subject: Framework for the aid of exploiting SQL injection

Hi Roman,
> Is there any recommended tool which helps to get databases tables,
> entries, structure, etc, given a particular SQL injection bug in one
> application? I mean, it should *automatically* try different sentences
> to figure out the names of the columns and in general, other useful info
> from the database. Perhaps a PoC of some of NGSSoftware's papers or a
> more elaborated tool...
I've just put up sqlinjector.zip on the databasesecurity.com website (
http://www.databasesecurity.com/webapplications.htm ). This is the tool
(source and exe) you refer to. I never got around to completing it but it
works as is - I'd rather the code was tidier.
HTH,
David