Underc0de

[In]Seguridad Informática => Bugs y Exploits => Topic started by: hkm on July 09, 2012, 05:55:33 pm

Title: SQL Injection Knowledge Base
Post by: hkm on July 09, 2012, 05:55:33 pm
Roberto Salgado (@LightOS (https://twitter.com/LightOS)) publicó recientemente una guía muy completa para inyecciones SQL. Cubre MySQL, MSSQL y ORACLE.

Su contenido es el siguiente:

MySQL
Default Databases (http://websec.ca/kb/sql_injection#MySQL_Default_Databases)
Testing Injection (http://websec.ca/kb/sql_injection#MySQL_Testing_Injection)
Comment Out Query (http://websec.ca/kb/sql_injection#MySQL_Comment_Out_Query)
Testing Version (http://websec.ca/kb/sql_injection#MySQL_Testing_Version)
Database Credentials (http://websec.ca/kb/sql_injection#MySQL_Database_Credentials)
Database Names (http://websec.ca/kb/sql_injection#MySQL_Database_Names)
Server Hostname (http://websec.ca/kb/sql_injection#MySQL_Server_Hostname)
Tables and Columns (http://websec.ca/kb/sql_injection#MySQL_Tables_And_Columns)
Avoiding quotations (http://websec.ca/kb/sql_injection#MySQL_Avoiding_Quotations)
String concatenation (http://websec.ca/kb/sql_injection#MySQL_String_Concatenation)
Conditional Statements (http://websec.ca/kb/sql_injection#MySQL_Conditional_Statements)
Timing (http://websec.ca/kb/sql_injection#MySQL_Timing)
Privileges (http://websec.ca/kb/sql_injection#MySQL_File_Privileges)
Reading Files (http://websec.ca/kb/sql_injection#MySQL_Reading_Files)
Writing Files (http://websec.ca/kb/sql_injection#MySQL_Writing_Files)
Out of band channeling (http://websec.ca/kb/sql_injection#MySQL_OOB_Channeling)
Stacked Queries with PDO (http://websec.ca/kb/sql_injection#MySQL_Stacked_Queries)
MySQL-specific code (http://websec.ca/kb/sql_injection#MySQL__Specific_Code)
Fuzzing and Obfuscation (http://websec.ca/kb/sql_injection#MySQL_Fuzzing_Obfuscation)
Operators (http://websec.ca/kb/sql_injection#MySQL_Operators)
Constants (http://websec.ca/kb/sql_injection#MySQL_Constants)
Password Hashing (http://websec.ca/kb/sql_injection#MySQL_Password_Hashing)
Password Cracker (http://websec.ca/kb/sql_injection#MySQL_Password_Cracker)

MSSQL
Default Databases (http://websec.ca/kb/sql_injection#MSSQL_Default_Databases)
Comment Out Query (http://websec.ca/kb/sql_injection#MSSQL_Comment_Out_Query)
Testing Version (http://websec.ca/kb/sql_injection#MSSQL_Testing_Version)
Database Credentials (http://websec.ca/kb/sql_injection#MSSQL_Database_Credentials)
Database Names (http://websec.ca/kb/sql_injection#MSSQL_Database_Names)
Server Hostname (http://websec.ca/kb/sql_injection#MSSQL_Server_Hostname)
Tables and Columns (http://websec.ca/kb/sql_injection#MSSQL_Tables_And_Columns)
Avoiding quotations (http://websec.ca/kb/sql_injection#MSSQL_Avoiding_Quotations)
String concatenation (http://websec.ca/kb/sql_injection#MSSQL_String_Concatenation)
Conditional Statements (http://websec.ca/kb/sql_injection#MSSQL_Conditional_Statements)
Timing (http://websec.ca/kb/sql_injection#MSSQL_Timing)
OPENROWSET Attacks (http://websec.ca/kb/sql_injection#MSSQL_OPENROWSET_Attacks)
System Command Execution (http://websec.ca/kb/sql_injection#MSSQL_System_Command_Execution)
SP_PASSWORD (Hiding Query) (http://websec.ca/kb/sql_injection#MSSQL_SP_PASSWORD)
Stacked Queries (http://websec.ca/kb/sql_injection#MSSQL_Stacked_Queries)
Fuzzing and Obfuscation (http://websec.ca/kb/sql_injection#MSSQL_Fuzzing_Obfuscation)
Password Hashing (http://websec.ca/kb/sql_injection#MSSQL_Password_Hashing)
Password Cracker (http://websec.ca/kb/sql_injection#MSSQL_Password_Cracker)

ORACLE
Default Databases (http://websec.ca/kb/sql_injection#Oracle_Default_Databases)
Comment Out Query (http://websec.ca/kb/sql_injection#Oracle_Comment_Out_Query)
Testing Version (http://websec.ca/kb/sql_injection#Oracle_Testing_Version)
Database Credentials (http://websec.ca/kb/sql_injection#Oracle_Database_Credentials)
Database Names (http://websec.ca/kb/sql_injection#Oracle_Database_Names)
Server Hostname (http://websec.ca/kb/sql_injection#Oracle_Server_Hostname)
Tables and Columns (http://websec.ca/kb/sql_injection#Oracle_Tables_And_Columns)
Avoiding Quotations (http://websec.ca/kb/sql_injection#Oracle_Avoiding_Quotations)
String concatenation (http://websec.ca/kb/sql_injection#Oracle_String_Concatenation)
Conditional Statements (http://websec.ca/kb/sql_injection#Oracle_Conditional_Statements)
Timing (http://websec.ca/kb/sql_injection#Oracle_Timing)
Privileges (http://websec.ca/kb/sql_injection#Oracle_Privileges)
Out Of Band Channeling (http://websec.ca/kb/sql_injection#Oracle_OOB_Channeling)



hkm