
FW: New SQL Injection POC tool

From: Calderon, Juan C (CORP, DDEMESIS) <Juan.Calderon(at)ddemesis.ge.com>
Date: Thu May 01 2003 - 12:19:45 EDT


Cesar, on another list, sent me this by email. I think it could be interesting, perhaps if it performs Oracle-specific injections as well.

-----Original Message-----
From: Cesar [mailto:cesarc56@yahoo.com]
Sent: Thursday, May 01, 2003 11:13 AM
To: Calderon, Juan C (CORP, DDEMESIS)
Subject: RE: New SQL Injection POC tool

Hello.

I am not subscribed to that list, but if you want you can forward it.

Regards.

Cesar.

  • "Calderon, Juan C (CORP, DDEMESIS)" <Juan.Calderon@ddemesis.ge.com> wrote:
    > there is a specialized list for security tools in
    > security focus, it can be reached at
    > sectools@securityfocus.com, perhaps this is a place
    > where you want to post this message.
    >
    > cheers :)
    >
    > -----Original Message-----
    > From: Cesar [mailto:cesarc56@yahoo.com]
    > Sent: Tuesday, April 29, 2003 6:07 PM
    > To: webappsec@securityfocus.com
    > Subject: New SQL Injection POC tool
    >
    >
    > Data Thief
    >
    > Data Thief is a "proof-of-concept" tool used to
    > demonstrate to web administrators and developers how
    > easy it is to steal data from a web application that
    > is vulnerable to SQL Injection. Data Thief is designed
    > to retrieve the data from a Microsoft SQL Server
    > back-end behind a web application with a SQL Injection
    > vulnerability. Once a SQL Injection vulnerability is
    > identified, Data Thief does all the work of listing
    > the linked servers, laying out the database schema, and
    > actually selecting the data from a table in the
    > application.
    >
    > http://www.appsecinc.com/resources/freetools/
    >
    > The tool is based on this paper:
    > Manipulating Microsoft SQL Server Using SQL Injection:
    > This paper will focus on advanced techniques that can
    > be used in an attack on an application utilizing
    > Microsoft SQL Server as a backend. These techniques
    > demonstrate how an attacker could use a SQL Injection
    > vulnerability to retrieve the database content from
    > behind a firewall and penetrate the internal network.
    >
    > http://www.appsecinc.com/news/briefing.html#inject
    >
    > Feedback is welcome.
    >
    > NEW SECURITY LIST: For people interested in SQL Server
    > security, vulnerabilities, SQL injection, etc., I'm
    > starting a new mailing list you can join at:
    >
    > http://groups.yahoo.com/group/sqlserversecurity/
    >
    > Enjoy!!
    >
    > Cesar.
    >
    > __________________________________
    > Do you Yahoo!?
    > The New Yahoo! Search - Faster. Easier. Bingo.
    > http://search.yahoo.com


Received on Thu May 1 15:08:07 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:47 EDT

