SQL injection is an attack in which malicious code is inserted into strings that are later passed to an instance of SQL Server for parsing and execution. Any procedure that constructs SQL statements should be reviewed for injection vulnerabilities because SQL Server will execute all syntactically valid queries that it receives. Even parameterized data can be manipulated by a skilled and determined attacker.

Open source security testers have released a free tool that simplifies and automates hacking of Oracle databases at the Black Hat conference in Las Vegas in July 2009.

The hacking tool was developed in the open source Metasploit cooperative, which had hosted a seminar at the conference.

While performing White Box, The ethical hackers know about how network is managed, how it is organized all the little details are also known to ethical hacker, who is performing the penetration testing on the victim network.
But, Case is reverse in Black Box Testing, Ethical hacker is kept a way outside the organization & he could not even gett that details directly. So what he do is first perform passive attack gathering & collect some information, then he arranges all the information in particular order so as to predict the hierarchy of the network.

The very first stage of hacking is PAG i.e Passive Attack Gathering. In plain English we collect all the information about our victim network or a system for planning the attack. Remember following things are explained for a penetration testing scenario & not for hacking actual hacking. So don’t misuse this information, team of hacking truths will not be responsible for anything you do with it.