Subscribe to Hacking Truths. Now, 9183 members!      RSS Feed Be Our Fan on Facebook Twitter SMS Alerts

Home » Hardcore Hacking, Server Hacking

Top 10 Tricks to exploit SQL Server Systems

12 January 2008 7 Comments Posted By Ashik
StumbleUpon.com
Share

6. SQL injection

SQL injection attacks are executed via front-end Web applications that don’t properly validate user input. Malformed SQL queries, including SQL commands, can be inserted directly into Web URLs and return informative errors, commands being executed and more. These attacks can be carried out manually — if you have a lot of time. Once I discover that a server has a potential SQL injection vulnerability, I prefer to perform the follow-through using an automated tool, such as SPI Dynamics’ SQL Injector, shown in Figure 3.

Figure 3: SPI Dynamics’ SQL Injector tool automates the SQL injection process.

7. Blind SQL injection

These attacks go about exploiting Web applications and back-end SQL Servers in the same basic fashion as standard SQL injection. The big difference is that the attacker doesn’t receive feedback from the Web server in the form of returned error messages. Such an attack is even slower than standard SQL injection given the guesswork involved. You need a good tool for this situation, and that’s where Absinthe, shown in Figure 4, comes in handy.


Figure 4: Absinthe tool takes the pain out of blind SQL injection testing.

Popularity: 3% [?]



Enjoyed this article? Subscribe to Hacking Truths and get daily updates about new cool websites and programs in your email for free.

Pages: 1 2 3 4


7 Comments »

  • List of all the SQL Injection Strings | Hacking Truths said:

    [...] go into detail on why these string work as all these details have been given in my previous article Top 10 Tricks to exploit SQL Server Systems [...]

    # 3 October 2008 at 11:15 pm
  • Top 15 SQL Injection Scanners | Hacking Truths said:

    [...] are not aware of SQL Injection Attack and How it works you need to read my previous article “Top 10 Tricks to exploit SQL Server Systems” [...]

    # 3 October 2008 at 11:17 pm
  • TAHIR KHAN AFRIDI said:

    Sir how can i Hack New VP-ASP Shopping Cart 6.0 or VP-ASP Shopping Cart 6.5 give me Tricks plz sir, i can hack shopping cart 4.0 and 5.0

    # 18 October 2008 at 12:41 am
  • melon said:

    sir how can l hack MTN Network in Ghana to have access to code for sending free sms to National Lottor jackpot pls.

    # 5 February 2009 at 2:41 pm
  • Top 15 SQL Injection Scanners « Ethical Hacking said:

    [...] you are not aware of SQL Injection Attack and How it works you need to read my previous article “Top 10 Tricks to exploit SQL Server Systems” [...]

    # 17 December 2009 at 7:28 am
  • List of all the SQL Injection Strings « Ethical Hacking said:

    [...] go into detail on why these string work as all these details have been given in my previous article Top 10 Tricks to exploit SQL Server Systems [...]

    # 17 December 2009 at 7:29 am
  • alienuv said:

    sir how can i hack joomla

    # 11 January 2010 at 8:00 am

Note : If you have any Query related to the above Article please Post it to the Support Forum.

Leave your response!

Add your comment below, or trackback from your own site. You can also subscribe to these comments via RSS.

Be nice. Keep it clean. Stay on topic. No spam.

You can use these tags:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

This is a Gravatar-enabled weblog. To get your own globally-recognized-avatar, please register at Gravatar.

Comment moderation is enabled. Your comment may take some time to appear.