Foro de elhacker.net

Seguridad Informática => Nivel Web => Mensaje iniciado por: hkm en 8 Julio 2012, 02:33 am


Título: SQL Injection Knowledge Base
Publicado por: hkm en 8 Julio 2012, 02:33 am

Roberto Salgado (@LightOS (https://twitter.com/LightOS)) publicó recientemente una guía muy completa para inyecciones SQL. Cubre MySQL, MSSQL y ORACLE.

Su contenido es el siguiente:

MySQL
Default Databases (http://websec.ca/kb/sql_injection#MySQL_Default_Databases)
Testing Injection (http://websec.ca/kb/sql_injection#MySQL_Testing_Injection)
Comment Out Query (http://websec.ca/kb/sql_injection#MySQL_Comment_Out_Query)
Testing Version (http://websec.ca/kb/sql_injection#MySQL_Testing_Version)
Database Credentials (http://websec.ca/kb/sql_injection#MySQL_Database_Credentials)
Database Names (http://websec.ca/kb/sql_injection#MySQL_Database_Names)
Server Hostname (http://websec.ca/kb/sql_injection#MySQL_Server_Hostname)
Tables and Columns (http://websec.ca/kb/sql_injection#MySQL_Tables_And_Columns)
Avoiding quotations (http://websec.ca/kb/sql_injection#MySQL_Avoiding_Quotations)
String concatenation (http://websec.ca/kb/sql_injection#MySQL_String_Concatenation)
Conditional Statements (http://websec.ca/kb/sql_injection#MySQL_Conditional_Statements)
Timing (http://websec.ca/kb/sql_injection#MySQL_Timing)
Privileges (http://websec.ca/kb/sql_injection#MySQL_File_Privileges)
Reading Files (http://websec.ca/kb/sql_injection#MySQL_Reading_Files)
Writing Files (http://websec.ca/kb/sql_injection#MySQL_Writing_Files)
Out of band channeling (http://websec.ca/kb/sql_injection#MySQL_OOB_Channeling)
Stacked Queries with PDO (http://websec.ca/kb/sql_injection#MySQL_Stacked_Queries)
MySQL-specific code (http://websec.ca/kb/sql_injection#MySQL__Specific_Code)
Fuzzing and Obfuscation (http://websec.ca/kb/sql_injection#MySQL_Fuzzing_Obfuscation)
Operators (http://websec.ca/kb/sql_injection#MySQL_Operators)
Constants (http://websec.ca/kb/sql_injection#MySQL_Constants)
Password Hashing (http://websec.ca/kb/sql_injection#MySQL_Password_Hashing)
Password Cracker (http://websec.ca/kb/sql_injection#MySQL_Password_Cracker)

MSSQL
Default Databases (http://websec.ca/kb/sql_injection#MSSQL_Default_Databases)
Comment Out Query (http://websec.ca/kb/sql_injection#MSSQL_Comment_Out_Query)
Testing Version (http://websec.ca/kb/sql_injection#MSSQL_Testing_Version)
Database Credentials (http://websec.ca/kb/sql_injection#MSSQL_Database_Credentials)
Database Names (http://websec.ca/kb/sql_injection#MSSQL_Database_Names)
Server Hostname (http://websec.ca/kb/sql_injection#MSSQL_Server_Hostname)
Tables and Columns (http://websec.ca/kb/sql_injection#MSSQL_Tables_And_Columns)
Avoiding quotations (http://websec.ca/kb/sql_injection#MSSQL_Avoiding_Quotations)
String concatenation (http://websec.ca/kb/sql_injection#MSSQL_String_Concatenation)
Conditional Statements (http://websec.ca/kb/sql_injection#MSSQL_Conditional_Statements)
Timing (http://websec.ca/kb/sql_injection#MSSQL_Timing)
OPENROWSET Attacks (http://websec.ca/kb/sql_injection#MSSQL_OPENROWSET_Attacks)
System Command Execution (http://websec.ca/kb/sql_injection#MSSQL_System_Command_Execution)
SP_PASSWORD (Hiding Query) (http://websec.ca/kb/sql_injection#MSSQL_SP_PASSWORD)
Stacked Queries (http://websec.ca/kb/sql_injection#MSSQL_Stacked_Queries)
Fuzzing and Obfuscation (http://websec.ca/kb/sql_injection#MSSQL_Fuzzing_Obfuscation)
Password Hashing (http://websec.ca/kb/sql_injection#MSSQL_Password_Hashing)
Password Cracker (http://websec.ca/kb/sql_injection#MSSQL_Password_Cracker)

ORACLE
Default Databases (http://websec.ca/kb/sql_injection#Oracle_Default_Databases)
Comment Out Query (http://websec.ca/kb/sql_injection#Oracle_Comment_Out_Query)
Testing Version (http://websec.ca/kb/sql_injection#Oracle_Testing_Version)
Database Credentials (http://websec.ca/kb/sql_injection#Oracle_Database_Credentials)
Database Names (http://websec.ca/kb/sql_injection#Oracle_Database_Names)
Server Hostname (http://websec.ca/kb/sql_injection#Oracle_Server_Hostname)
Tables and Columns (http://websec.ca/kb/sql_injection#Oracle_Tables_And_Columns)
Avoiding Quotations (http://websec.ca/kb/sql_injection#Oracle_Avoiding_Quotations)
String concatenation (http://websec.ca/kb/sql_injection#Oracle_String_Concatenation)
Conditional Statements (http://websec.ca/kb/sql_injection#Oracle_Conditional_Statements)
Timing (http://websec.ca/kb/sql_injection#Oracle_Timing)
Privileges (http://websec.ca/kb/sql_injection#Oracle_Privileges)
Out Of Band Channeling (http://websec.ca/kb/sql_injection#Oracle_OOB_Channeling)



hkm

Título: Re: SQL Injection Knowledge Base
Publicado por: h3ct0r en 10 Agosto 2012, 16:53 pm
Esta muy buena, gracias por el aporte amigo  >:D

Título: Re: SQL Injection Knowledge Base
Publicado por: Martin-Ph03n1X en 8 Septiembre 2012, 16:32 pm
pues si supiera bien como va e ingles avanzaría un poco mas rápido pero ni SQL uso bien así es que mucho menos xplotarlo sabre... se mira buen aporte espero sea de utilidad para muchos....

Título: Re: SQL Injection Knowledge Base
Publicado por: jhonatanAsm en 8 Septiembre 2012, 17:43 pm
Que buen material, muchas gracias men ;-)  .


Powered by SMF 1.1.21 | SMF © 2006-2008, Simple Machines