Tag Archives: SQL Injection

Conmen DID use leaked info of sporty civil servants… to attack HMRC

Source: The Register, by Anna Leach

In this article: “Criminals used the personal data of 100,000 civil servants that was swiped in early 2010 in an attack on HMRC around the same time, The Register has discovered. Now, almost three years later, the government is still scrabbling around trying to work out whodunnit… and only recently ‘fessed up…

Privilege Escalation in SQL Server (Depending on some dodgy requirements)

Source: Sensepost Blog

In this article: “I was playing with a few SQL server idiosyncrasies more than a year ago before becoming so completely distracted with the whole SAP protocol-decoding business. Having some time on my hands for once, I thought I would blog it. Early last year, I found it possible to create jobs owned by other…

Serving Up Malicious PDFs Through SQL Injection

Source: Dark Reading, by Ericka Chickowski

In this article: “These days SQL injection vulnerabilities may seem like a dime a dozen, but creative penetration testers and attackers continue to come up with new ways to take advantage of this vulnerability class that developers persist in allowing to linger like a bad cold. Last month at BSides Las Vegas, a…

Safe3SI SQL Injection Tool

Safe3SI is one of the most powerful and easy-to-use penetration testing tools that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a kick-ass detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching…

SQL Ninja Tool

Fancy going from a SQL Injection on Microsoft SQL Server to a full GUI access on the DB? Take a few new SQL Injection tricks, add a couple of remote shots in the registry to disable Data Execution Prevention, mix with a little Perl that automatically generates a debug script, put all this in a shaker with a…