Top 10 Tricks to exploit SQL Server Systems

12 January 2008 3 Comments

8. Reverse engineering the system

The reverse engineering trick looks for software exploits, memory corruption weaknesses and so on. In this sample chapter from the excellent book Exploiting Software: How to Break Code by Greg Hoglund and Gary McGraw, you’ll find a discussion about reverse engineering ploys.

9. Google hacks

Google hacks use the extraordinary power of the Google search engine to ferret out SQL Server errors — such as “Incorrect syntax near” — leaking from publicly accessible systems. Several Google queries are available at Johnny Long’s Google Hacking Database. (Look in the sections titled Error Messages and Files containing passwords.) Hackers use Google to find passwords, vulnerabilities in Web servers, underlying operating systems, publicly available procedures and more that they can use to further compromise a SQL Server system. Combining these queries with Web site names via Google’s ’site:’ operator often turns up juicy info you never imagined you could unearth.

10. Perusing Web site source code

Source code can also turn up information that may lead to a SQL Server break in. Specifically, developers may store SQL Server authentication information in ASP scripts to simplify the authentication process. A manual assessment or Google could uncover this information in a split second.

Popularity: 3% [?]

Enjoyed this article? Subscribe to Hacking Truths and get daily updates about new cool websites and programs in your email for free.

3 Comments »

List of all the SQL Injection Strings | Hacking Truths said:

[...] go into detail on why these string work as all these details have been given in my previous article Top 10 Tricks to exploit SQL Server Systems [...]

# 3 October 2008 at 11:15 pm

Top 15 SQL Injection Scanners | Hacking Truths said:

[...] are not aware of SQL Injection Attack and How it works you need to read my previous article “Top 10 Tricks to exploit SQL Server Systems” [...]

# 3 October 2008 at 11:17 pm

TAHIR KHAN AFRIDI said:

Sir how can i Hack New VP-ASP Shopping Cart 6.0 or VP-ASP Shopping Cart 6.5 give me Tricks plz sir, i can hack shopping cart 4.0 and 5.0

# 18 October 2008 at 12:41 am

Leave your response!

Add your comment below, or trackback from your own site. You can also subscribe to these comments via RSS.

Be nice. Keep it clean. Stay on topic. No spam.

Name (required)

Mail (will not be published) (required)

Website (optional)

You can use these tags:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

This is a Gravatar-enabled weblog. To get your own globally-recognized-avatar, please register at Gravatar.