Sólo texto | Texto con Imágenes

Underc0de

[In]Seguridad Informática => Bugs y Exploits => Pentesting => Mensaje iniciado por: hkm en Febrero 07, 2013, 11:18:45 PM

Título: Guía muy completa para inyecciones SQL
Publicado por: hkm en Febrero 07, 2013, 11:18:45 PM
Roberto Salgado (@LightOS (https://twitter.com/LightOS)) publicó hace tiempo una guía muy completa para inyecciones SQL. Cubre MySQL, MSSQL y ORACLE.

Su contenido es el siguiente:

MySQL
Default Databases (http://websec.ca/kb/sql_injection#MySQL_Default_Databases)
Testing Injection (http://websec.ca/kb/sql_injection#MySQL_Testing_Injection)
Comment Out Query (http://websec.ca/kb/sql_injection#MySQL_Comment_Out_Query)
Testing Version (http://websec.ca/kb/sql_injection#MySQL_Testing_Version)
Database Credentials (http://websec.ca/kb/sql_injection#MySQL_Database_Credentials)
Database Names (http://websec.ca/kb/sql_injection#MySQL_Database_Names)
Server Hostname (http://websec.ca/kb/sql_injection#MySQL_Server_Hostname)
Tables and Columns (http://websec.ca/kb/sql_injection#MySQL_Tables_And_Columns)
Avoiding quotations (http://websec.ca/kb/sql_injection#MySQL_Avoiding_Quotations)
String concatenation (http://websec.ca/kb/sql_injection#MySQL_String_Concatenation)
Conditional Statements (http://websec.ca/kb/sql_injection#MySQL_Conditional_Statements)
Timing (http://websec.ca/kb/sql_injection#MySQL_Timing)
Privileges (http://websec.ca/kb/sql_injection#MySQL_File_Privileges)
Reading Files (http://websec.ca/kb/sql_injection#MySQL_Reading_Files)
Writing Files (http://websec.ca/kb/sql_injection#MySQL_Writing_Files)
Out of band channeling (http://websec.ca/kb/sql_injection#MySQL_OOB_Channeling)
Stacked Queries with PDO (http://websec.ca/kb/sql_injection#MySQL_Stacked_Queries)
MySQL-specific code (http://websec.ca/kb/sql_injection#MySQL__Specific_Code)
Fuzzing and Obfuscation (http://websec.ca/kb/sql_injection#MySQL_Fuzzing_Obfuscation)
Operators (http://websec.ca/kb/sql_injection#MySQL_Operators)
Constants (http://websec.ca/kb/sql_injection#MySQL_Constants)
Password Hashing (http://websec.ca/kb/sql_injection#MySQL_Password_Hashing)
Password Cracker (http://websec.ca/kb/sql_injection#MySQL_Password_Cracker)

MSSQL
Default Databases (http://websec.ca/kb/sql_injection#MSSQL_Default_Databases)
Comment Out Query (http://websec.ca/kb/sql_injection#MSSQL_Comment_Out_Query)
Testing Version (http://websec.ca/kb/sql_injection#MSSQL_Testing_Version)
Database Credentials (http://websec.ca/kb/sql_injection#MSSQL_Database_Credentials)
Database Names (http://websec.ca/kb/sql_injection#MSSQL_Database_Names)
Server Hostname (http://websec.ca/kb/sql_injection#MSSQL_Server_Hostname)
Tables and Columns (http://websec.ca/kb/sql_injection#MSSQL_Tables_And_Columns)
Avoiding quotations (http://websec.ca/kb/sql_injection#MSSQL_Avoiding_Quotations)
String concatenation (http://websec.ca/kb/sql_injection#MSSQL_String_Concatenation)
Conditional Statements (http://websec.ca/kb/sql_injection#MSSQL_Conditional_Statements)
Timing (http://websec.ca/kb/sql_injection#MSSQL_Timing)
OPENROWSET Attacks (http://websec.ca/kb/sql_injection#MSSQL_OPENROWSET_Attacks)
System Command Execution (http://websec.ca/kb/sql_injection#MSSQL_System_Command_Execution)
SP_PASSWORD (Hiding Query) (http://websec.ca/kb/sql_injection#MSSQL_SP_PASSWORD)
Stacked Queries (http://websec.ca/kb/sql_injection#MSSQL_Stacked_Queries)
Fuzzing and Obfuscation (http://websec.ca/kb/sql_injection#MSSQL_Fuzzing_Obfuscation)
Password Hashing (http://websec.ca/kb/sql_injection#MSSQL_Password_Hashing)
Password Cracker (http://websec.ca/kb/sql_injection#MSSQL_Password_Cracker)

ORACLE
Default Databases (http://websec.ca/kb/sql_injection#Oracle_Default_Databases)
Comment Out Query (http://websec.ca/kb/sql_injection#Oracle_Comment_Out_Query)
Testing Version (http://websec.ca/kb/sql_injection#Oracle_Testing_Version)
Database Credentials (http://websec.ca/kb/sql_injection#Oracle_Database_Credentials)
Database Names (http://websec.ca/kb/sql_injection#Oracle_Database_Names)
Server Hostname (http://websec.ca/kb/sql_injection#Oracle_Server_Hostname)
Tables and Columns (http://websec.ca/kb/sql_injection#Oracle_Tables_And_Columns)
Avoiding Quotations (http://websec.ca/kb/sql_injection#Oracle_Avoiding_Quotations)
String concatenation (http://websec.ca/kb/sql_injection#Oracle_String_Concatenation)
Conditional Statements (http://websec.ca/kb/sql_injection#Oracle_Conditional_Statements)
Timing (http://websec.ca/kb/sql_injection#Oracle_Timing)
Privileges (http://websec.ca/kb/sql_injection#Oracle_Privileges)
Out Of Band Channeling (http://websec.ca/kb/sql_injection#Oracle_OOB_Channeling)



hkm
Título: Re:Guía muy completa para inyecciones SQL
Publicado por: Cronos en Febrero 07, 2013, 11:23:04 PM
Que pedazo de aporta so xD
Se agradece que lo hallas traído!
Saludos,, Cronos.-
Título: Re:Guía muy completa para inyecciones SQL
Publicado por: Pr0ph3t en Febrero 08, 2013, 12:13:50 PM
Gracias por el aporte, hkm.
Título: Re:Guía muy completa para inyecciones SQL
Publicado por: ReecGlobal en Febrero 08, 2013, 02:31:21 PM
exelente aportazo men :) gracias y salu2  :D
Título: Re:Guía muy completa para inyecciones SQL
Publicado por: ANTRAX en Febrero 08, 2013, 03:11:23 PM
+ Karma!

Muchisimas gracias! me hacia falta algo asi!
Sólo texto | Texto con Imágenes