Title: SQL Injection Knowledge Base
Posted by: hkm on 8 July 2012, 02:33 am

Roberto Salgado (@LightOS (https://twitter.com/LightOS)) recently published a very complete guide to SQL injection. It covers MySQL, MSSQL and ORACLE. Its contents are as follows:

MySQL
Default Databases (http://websec.ca/kb/sql_injection#MySQL_Default_Databases)
Testing Injection (http://websec.ca/kb/sql_injection#MySQL_Testing_Injection)
Comment Out Query (http://websec.ca/kb/sql_injection#MySQL_Comment_Out_Query)
Testing Version (http://websec.ca/kb/sql_injection#MySQL_Testing_Version)
Database Credentials (http://websec.ca/kb/sql_injection#MySQL_Database_Credentials)
Database Names (http://websec.ca/kb/sql_injection#MySQL_Database_Names)
Server Hostname (http://websec.ca/kb/sql_injection#MySQL_Server_Hostname)
Tables and Columns (http://websec.ca/kb/sql_injection#MySQL_Tables_And_Columns)
Avoiding quotations (http://websec.ca/kb/sql_injection#MySQL_Avoiding_Quotations)
String concatenation (http://websec.ca/kb/sql_injection#MySQL_String_Concatenation)
Conditional Statements (http://websec.ca/kb/sql_injection#MySQL_Conditional_Statements)
Timing (http://websec.ca/kb/sql_injection#MySQL_Timing)
Privileges (http://websec.ca/kb/sql_injection#MySQL_File_Privileges)
Reading Files (http://websec.ca/kb/sql_injection#MySQL_Reading_Files)
Writing Files (http://websec.ca/kb/sql_injection#MySQL_Writing_Files)
Out of band channeling (http://websec.ca/kb/sql_injection#MySQL_OOB_Channeling)
Stacked Queries with PDO (http://websec.ca/kb/sql_injection#MySQL_Stacked_Queries)
MySQL-specific code (http://websec.ca/kb/sql_injection#MySQL__Specific_Code)
Fuzzing and Obfuscation (http://websec.ca/kb/sql_injection#MySQL_Fuzzing_Obfuscation)
Operators (http://websec.ca/kb/sql_injection#MySQL_Operators)
Constants (http://websec.ca/kb/sql_injection#MySQL_Constants)
Password Hashing (http://websec.ca/kb/sql_injection#MySQL_Password_Hashing)
Password Cracker (http://websec.ca/kb/sql_injection#MySQL_Password_Cracker)

MSSQL
Default Databases (http://websec.ca/kb/sql_injection#MSSQL_Default_Databases)
Comment Out Query (http://websec.ca/kb/sql_injection#MSSQL_Comment_Out_Query)
Testing Version (http://websec.ca/kb/sql_injection#MSSQL_Testing_Version)
Database Credentials (http://websec.ca/kb/sql_injection#MSSQL_Database_Credentials)
Database Names (http://websec.ca/kb/sql_injection#MSSQL_Database_Names)
Server Hostname (http://websec.ca/kb/sql_injection#MSSQL_Server_Hostname)
Tables and Columns (http://websec.ca/kb/sql_injection#MSSQL_Tables_And_Columns)
Avoiding quotations (http://websec.ca/kb/sql_injection#MSSQL_Avoiding_Quotations)
String concatenation (http://websec.ca/kb/sql_injection#MSSQL_String_Concatenation)
Conditional Statements (http://websec.ca/kb/sql_injection#MSSQL_Conditional_Statements)
Timing (http://websec.ca/kb/sql_injection#MSSQL_Timing)
OPENROWSET Attacks (http://websec.ca/kb/sql_injection#MSSQL_OPENROWSET_Attacks)
System Command Execution (http://websec.ca/kb/sql_injection#MSSQL_System_Command_Execution)
SP_PASSWORD (Hiding Query) (http://websec.ca/kb/sql_injection#MSSQL_SP_PASSWORD)
Stacked Queries (http://websec.ca/kb/sql_injection#MSSQL_Stacked_Queries)
Fuzzing and Obfuscation (http://websec.ca/kb/sql_injection#MSSQL_Fuzzing_Obfuscation)
Password Hashing (http://websec.ca/kb/sql_injection#MSSQL_Password_Hashing)
Password Cracker (http://websec.ca/kb/sql_injection#MSSQL_Password_Cracker)

ORACLE
Default Databases (http://websec.ca/kb/sql_injection#Oracle_Default_Databases)
Comment Out Query (http://websec.ca/kb/sql_injection#Oracle_Comment_Out_Query)
Testing Version (http://websec.ca/kb/sql_injection#Oracle_Testing_Version)
Database Credentials (http://websec.ca/kb/sql_injection#Oracle_Database_Credentials)
Database Names (http://websec.ca/kb/sql_injection#Oracle_Database_Names)
Server Hostname (http://websec.ca/kb/sql_injection#Oracle_Server_Hostname)
Tables and Columns (http://websec.ca/kb/sql_injection#Oracle_Tables_And_Columns)
Avoiding Quotations (http://websec.ca/kb/sql_injection#Oracle_Avoiding_Quotations)
String concatenation (http://websec.ca/kb/sql_injection#Oracle_String_Concatenation)
Conditional Statements (http://websec.ca/kb/sql_injection#Oracle_Conditional_Statements)
Timing (http://websec.ca/kb/sql_injection#Oracle_Timing)
Privileges (http://websec.ca/kb/sql_injection#Oracle_Privileges)
Out Of Band Channeling (http://websec.ca/kb/sql_injection#Oracle_OOB_Channeling)

hkm

Title: Re: SQL Injection Knowledge Base
Posted by: h3ct0r on 10 August 2012, 16:53 pm

It's very good, thanks for the contribution, friend >:D

Title: Re: SQL Injection Knowledge Base
Posted by: Martin-Ph03n1X on 8 September 2012, 16:32 pm

Well, if I knew English properly I would progress a bit faster, but I don't even use SQL well, so much less will I know how to exploit it... it looks like a good contribution, I hope it is useful to many....

Title: Re: SQL Injection Knowledge Base
Posted by: jhonatanAsm on 8 September 2012, 17:43 pm

What great material, thanks a lot, man ;-)