by secforce | Jun 18, 2011
SECFORCE was invited to present at the AthCon conference, held in Athens on 2nd and 3rd June 2011. AthCon is an annual IT security conference that takes place in Athens, Greece, designed to give technical insight into the world of IT security. A realistic, practical...
by secforce | Jan 27, 2011
In this post we are going to show how to exploit a SQL injection vulnerability in a web application with a Microsoft SQL Server back end where xp_cmdshell is available to the attacker. During a penetration test of a web application, it is identified that it is vulnerable...
by secforce | Jan 24, 2011
Recently we were performing a web application penetration test for one of our clients and identified a SQL injection vulnerability. The vulnerability allowed us to conduct a degree of fingerprinting on the remote server; however, the Microsoft SQL Server back-end...
by secforce | Jan 17, 2011
SECFORCE has released a set of scripts for enhancing Metasploit functionality when exploiting SQL injection vulnerabilities. This is particularly useful in two scenarios: When an attacker achieves command execution on a database via SQL injection, but he wants all the...
by secforce | Nov 9, 2008
A false sense of security is an ongoing issue, fueled by inaccurate marketing strategies that promise the ultimate security product and convince clients that the product will make their systems immune to every single attack. Security professionals are used to hearing all...