by secforce | Jan 27, 2011
In this post we are going to show how to exploit a SQL injection vulnerability in a web application with a Microsoft SQL Server backend where xp_cmdshell is available to the attacker. Given a penetration test to a web application it is identified that it is vulnerable...
by secforce | Jan 24, 2011
Recently we were performing a web application penetration test for one of our clients and identified a SQL injection vulnerability. The vulnerability allowed us to conduct a degree of fingerprinting on the remote server; however, the Microsoft SQL Server back-end...
by secforce | Jan 17, 2011
SECFORCE has released a set of scripts that enhance Metasploit functionality when exploiting SQL injection vulnerabilities. This is particularly useful in two scenarios: When an attacker achieves command execution on a database via SQL injection, but he wants all the...
by secforce | Mar 31, 2009
SECFORCE has co-authored a book fully dedicated to SQL injection attacks and published by Syngress. This book targets developers, penetration testers and security professionals. It is entirely dedicated to SQL injection attacks and defense, and it is a standalone...