Full Disclosure mailing list archives
Re: Framework for the aid of exploiting SQL injection
From: nummish <nummish () gmail com>
Date: Sat, 19 Nov 2005 22:58:45 -0500
Absinthe (http://www.0x90.org/releases/absinthe) might do some of what you are describing. It works via blind injection against MS SQL, Oracle and Postgres; it also has the ability to work via error pages (which is faster) for MS SQL server to a limited extent.

On 11/17/05, Roman Medina-Heigl Hernandez <roman () rs-labs com> wrote:
> Hi,
>
> Is there any recommended tool which helps to get database tables, entries, structure, etc, given a particular SQL injection bug in one application? I mean, it should *automatically* try different sentences to figure out the names of the columns and in general, other useful info from the database. Perhaps a PoC of some of NGSSoftware's papers or a more elaborate tool...
>
> I'd like to hear from you what's the state of the art in this very particular web-appsec field (so feel free to talk about tools oriented to different database flavours, if you want: SQL Server, Oracle, MySQL, Access, etc...).
>
> Thanks.
>
> PS: For God's sake, don't continue feeding nonsense threads like the former Netdev's related flamewar. The best thing you can do is to ignore them.
>
> --
> Regards,
> -Roman
> PGP Fingerprint: 09BB EFCD 21ED 4E79 25FB 29E1 E47F 8A7D EAD5 6742
> [Key ID: 0xEAD56742. Available at KeyServ]
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
--
Bigger 1:23
This address is for mailing list traffic only. Please direct non-list correspondence to 0x90.org <http://0x90.org>