SECFORCE invited to present at AthCon

SECFORCE was invited to present at the AthCon conference, held in Athens on 2nd and 3rd June 2011. AthCon is an annual IT security conference that takes place in Athens, Greece, designed to give technical insight into the world of IT security. A realistic, practical...

Exploiting SQL injection vulnerabilities with Metasploit

In this post we are going to show how to exploit a SQL injection vulnerability in a web application with a Microsoft SQL Server backend where xp_cmdshell is available to the attacker. During a penetration test of a web application, it is identified that it is vulnerable...

Exploiting MS09-004 via SQL injection

Recently we were performing a web application penetration test for one of our clients and identified a SQL injection vulnerability. The vulnerability allowed us to conduct a degree of fingerprinting on the remote server; however, the Microsoft SQL Server back-end...

Metasploit and SQL injection

SECFORCE has released a set of scripts for enhancing Metasploit functionality when exploiting SQL injection vulnerabilities. This is particularly useful in two scenarios: when an attacker achieves command execution on a database via SQL injection, but he wants all the...