Introduction
Mini MySqlat0r is a multi-platform application used to audit web sites in order to discover and exploit SQL injection vulnerabilities. It is written in Java and is used through a user-friendly GUI that contains three distinct modules.
The Crawler modules allows the user to view the web site structure and gather all tamperable parameters. These parameters are then sent to the Tester module that tests all parameters for SQL injection vulnerabilities. If any are found, they are then sent to the Exploiter module that can exploit the injections to gather data from the database.
阅读全文 »
Tags: JAVA,
MySQL,
SQL Injection,
SQL注入
Scully is a brute forcer and a simple client interface to MSSQL and MYSQL Database servers. No more need to install database client libraries or setup ODBC connections in windows
What Does Scully do?
Scully is a client interface to MSSQL and MySQL database servers. No more need for
MSSQL/MySQL client libraries to be installed and no more need to setup an ODBC connection
either. Simply add IP/Hostname, username, password, port and database name and SQL away.
阅读全文 »
Tags: MSSQL,
MySQL,
Scully
来源:T00LS
MySQL 利用工具.
连接对方的MySQL后,可以上传文件,执行dos命令.以及下载文件并运行.
软件需要 Microsoft .NET Framework 2.0 支持
无法打开软件请安装 Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0 下载地址:
http://www.microsoft.com/downloads/details.aspx?FamilyID=0856eacb-4362-4b0d-8edd-aab15c5e04f5&displaylang=zh-cn
阅读全文 »
Tags: MySQL
Mysql charset Truncation vulnerability
By http://www.80sec.com/
We found that there is a interesting feature in mysql database,when you are using utf8,gbk or other charsets.This feature may make your application unsecure.
Stefen Esser shows some attack manners of mysql in his paper[1], in which he issues the SQL Column Truncation vulnerability.
The application is a forum where new users can register
The administrator’s name is known e.g. ‘admin’
MySQL is used in the default mode
There is no application restriction on the length of new user names
The database column username is limited to 16 characters
阅读全文 »
Tags: MySQL,
Vulnerability
来源:安全焦点
作者:tsenable (tsenable_at_gmail.com)
MYSQL 注射精华
前言
鄙人今天心血来潮突然想写篇文章,鄙人从来没写过文章,如果有错误的地方请多多指教.本文需要有基础的SQL语句知识才可以更好的理解.建议想学习的人多去了解一下SQL语句和编程语言,知己知彼才能百战百胜.
我不希翼得到读者您的好评,尽管我尽力了;只希望本文能解决您学习过程的障碍,希望您早日掌握有关MYSQL注入方面的知识.
阅读全文 »
Tags: MySQL,
SQL Injection,
SQL注入
作者:凋零玫瑰
今天遇到一个iis只支持aspx的,禁用了asp,服务器装了mysql odbc驱动,想在那个iis上操作另一个服务器的mysql,可没现成的aspx操作mysql的程序,找了一下午,在msdn上找到个.net的sqldatasource类可以操作.
测试成功了,留在这里备忘一下.
阅读全文 »
Tags: ASPX,
MySQL
作者:linx2008
Mysql BackDoor是一款针对PHP+Mysql服务器开发的后门,后门安装后为Mysql增加一个可以执行系统命令的”state”函数,并且随 Mysql进程启动一个基于Dll的嗅探型后门,从而巧妙地实现了无端口,无进程,无服务的穿墙木马.程序在WINXP、 WIN2003+MYSQL5.0.X下通过.
[安装]
将Mysql.php传到PHP服务器上,依填上相应的Host、User、Password、DB后,点击”自动安装Mysql BackDoor”
安装成功后,Mysql上便会增加一个”state”函数,同时利用Mysql进程运行一个基于嗅探的后门. 这个后门在Windows下拥有与Mysql一样的系统权限.
阅读全文 »
Tags: BackDoor,
MySQL