Re: Pentesting Webserver
- From: "Arian Amador" <arianamador@xxxxxxxxx>
- Date: Tue, 30 Oct 2007 08:35:12 -0400
There are certainly a lot of ways to perform an SQL attack. I'm not
going to go into detail about specific tests you can perform cause its
been covered to the point of exhaustion, but
I am willing to point you in a couple of good directions.
First check this site if you still haven't its got a wealth of
knowledge including a great paper on 'Blind SQL Injection', etc...
http://www.spidynamics.com/spilabs/education/whitepapers.html
Also a resource I keep coming back is Ferruh Mavituna's SQL cheat
sheet. Not only does it give great examples, but even better than that
it explains each and
everyone of them.
http://ferruh.mavituna.com/makale/sql-injection-cheatsheet/
And don't forget its also possible to create overflow in DB
programs...So you could also try that avenue.
Hope some of this helps a bit.
--
Arian Amador
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
- References:
- Re: Pentesting Webserver
- From: cwright
- Re: Pentesting Webserver
- Prev by Date: Re: nmap udp scan time
- Next by Date: Re: nmap udp scan time
- Previous by thread: Re: Pentesting Webserver
- Next by thread: Re: Re: Pentesting Webserver
- Index(es):
Relevant Pages
|
