Introduction
Mini MySqlat0r is a multi-platform application used to audit web sites in order to discover and exploit SQL injection vulnerabilities. It is written in Java and is used through a user-friendly GUI that contains three distinct modules.
The Crawler module allows the user to view the web site structure and gather all tamperable parameters. These parameters are then sent to the Tester module, which tests each of them for SQL injection vulnerabilities. Any that are found are then sent to the Exploiter module, which can exploit the injections to gather data from the database.
Tags: JAVA, MySQL
Scully is a brute forcer and a simple client interface to MSSQL and MySQL database servers. No more need to install database client libraries or set up ODBC connections in Windows.
What Does Scully do?
Scully is a client interface to MSSQL and MySQL database servers. No more need for MSSQL/MySQL client libraries to be installed and no more need to set up an ODBC connection either. Simply add IP/hostname, username, password, port and database name and SQL away.
Tags: MSSQL, MySQL, Scully
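Source: T00LS
MySQL exploitation tool.
After connecting to the other party's MySQL server, it can upload files, execute DOS commands, and download and run files.
The software requires Microsoft .NET Framework 2.0.
If the software will not open, install Microsoft .NET Framework 2.0.
Microsoft .NET Framework 2.0 download address: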
http://www.microsoft.com/downloads/details.aspx?FamilyID=0856eacb-4362-4b0d-8edd-aab15c5e04f5&displaylang=zh-cn
Tags: MySQL
MySQL charset truncation vulnerability
By http://www.80sec.com/
We found that there is an interesting feature in the MySQL database when you are using utf8, gbk or other charsets. This feature may make your application insecure.
Stefan Esser describes some ways of attacking MySQL in his paper [1], in which he presents the SQL Column Truncation vulnerability.
The application is a forum where new users can register
The administrator’s name is known e.g. ‘admin’
MySQL is used in the default mode
There is no application restriction on the length of new user names
The database column username is limited to 16 characters
Tags: MySQL, Vulnerability
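Source: 安全焦点 (Xfocus)
Author: tsenable (tsenable_at_gmail.com)
MYSQL Injection Essentials
Preface
On a whim today I suddenly felt like writing an article. I have never written one before, so if there are mistakes, please point them out. A basic knowledge of SQL statements is needed to understand this article well. I suggest that anyone who wants to learn spend more time getting to know SQL statements and programming languages; only by knowing both yourself and your opponent can you win every battle.
I do not expect praise from you, the reader, although I have done my best; I only hope that this article removes obstacles from your learning, and that you soon master MYSQL injection.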
Tags: MySQL, SQL Injection