Re: Pentesting Webserver



There are certainly a lot of ways to perform an SQL attack. I'm not
going to go into detail about specific tests you can perform cause its
been covered to the point of exhaustion, but
I am willing to point you in a couple of good directions.

First check this site if you still haven't its got a wealth of
knowledge including a great paper on 'Blind SQL Injection', etc...
http://www.spidynamics.com/spilabs/education/whitepapers.html

Also a resource I keep coming back is Ferruh Mavituna's SQL cheat
sheet. Not only does it give great examples, but even better than that
it explains each and
everyone of them.
http://ferruh.mavituna.com/makale/sql-injection-cheatsheet/

And don't forget its also possible to create overflow in DB
programs...So you could also try that avenue.

Hope some of this helps a bit.
--
Arian Amador

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------