
Top 10 Tricks to exploit SQL Server Systems

12 January 2008


6. SQL injection

SQL injection attacks are executed via front-end Web applications that don’t properly validate user input. Malformed SQL queries, including SQL commands, can be inserted directly into Web URLs, where they return informative errors, cause commands to be executed and more. These attacks can be carried out manually — if you have a lot of time. Once I discover that a server has a potential SQL injection vulnerability, I prefer to perform the follow-through using an automated tool, such as SPI Dynamics’ SQL Injector, shown in Figure 3.

Figure 3: SPI Dynamics’ SQL Injector tool automates the SQL injection process.

7. Blind SQL injection

These attacks exploit Web applications and back-end SQL Servers in the same basic fashion as standard SQL injection. The big difference is that the attacker doesn’t receive feedback from the Web server in the form of returned error messages. Such an attack is even slower than standard SQL injection, given the guesswork involved. You need a good tool for this situation, and that’s where Absinthe, shown in Figure 4, comes in handy.


Figure 4: Absinthe tool takes the pain out of blind SQL injection testing.
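
The difference between sections 6 and 7, and the fix that closes both, shown as an added example (not code from the original article). Python's sqlite3 stands in for the SQL Server back end; the table, function names and sample inputs are constructed for illustration.

```python
import sqlite3

def make_db():
    """Constructed sample data; sqlite3 is an assumed stand-in for SQL Server."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO products VALUES (?, ?)",
                   [(1, "widget"), (2, "gadget")])
    return db

def lookup_verbose(db, name):
    """Vulnerable (section 6): concatenates input and returns database errors."""
    sql = "SELECT id FROM products WHERE name = '" + name + "'"
    try:
        return [row[0] for row in db.execute(sql)]
    except sqlite3.Error as exc:
        return "error: %s" % exc   # informative error reaches the client

def lookup_quiet(db, name):
    """Still vulnerable (section 7): same query, errors replaced by an empty result."""
    result = lookup_verbose(db, name)
    return result if isinstance(result, list) else []

def lookup_safe(db, name):
    """Hardened: the placeholder binds input as data, never as SQL text."""
    return [row[0] for row in db.execute(
        "SELECT id FROM products WHERE name = ?", (name,))]

def looks_injectable(lookup, db):
    """Regression check: does the result depend on SQL syntax inside the input?"""
    broken = lookup(db, "widget'")         # unbalanced quote (constructed input)
    always = lookup(db, "x' OR '1'='1")    # tautology (constructed input)
    leaked_error = isinstance(broken, str)
    changed_logic = isinstance(always, list) and len(always) > 0
    return leaked_error or changed_logic

if __name__ == "__main__":
    db = make_db()
    for fn in (lookup_verbose, lookup_quiet, lookup_safe):
        print(fn.__name__, "injectable:", looks_injectable(fn, db))
```

Hiding error messages only removes the feedback channel; the query logic is still attacker-controlled until the input is bound as a parameter.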


3 Comments »

  • List of all the SQL Injection Strings | Hacking Truths said:

    [...] go into detail on why these string work as all these details have been given in my previous article Top 10 Tricks to exploit SQL Server Systems [...]

  • Top 15 SQL Injection Scanners | Hacking Truths said:

    [...] are not aware of SQL Injection Attack and How it works you need to read my previous article “Top 10 Tricks to exploit SQL Server Systems” [...]

  • TAHIR KHAN AFRIDI said:

    Sir, how can I hack the new VP-ASP Shopping Cart 6.0 or VP-ASP Shopping Cart 6.5? Give me tricks please, sir. I can hack Shopping Cart 4.0 and 5.0.
