Author Topic: SQL Injection Pocket Reference  (Read 4848 times)

hkm

  • Moderator
SQL Injection Pocket Reference
« : November 22, 2010, 08:23:02 pm »
The best reference for SQLi is being created by lightos with help from Reiners and .mario from the sla.ckers forum.

You can find it at the following link:
  https://docs.google.com/Doc?docid=0AZNlBave77hiZGNjanptbV84Z25yaHJmMjk

This document is updated several times a day. If you have something to add, contact @lightos.

Today the contents are:

1. MySQL
    1. Default Databases
    2. Comment Out Query
    3. Testing Injection
        1. Strings
        2. Numeric
        3. In a login
    4. Testing Version
    5. MySQL-specific code
    6. Retrieving DB usernames/passwords
    7. Tables & Columns
        1. Finding out column #
        2. Retrieving Tables
        3. Retrieving Columns
        4. PROCEDURE ANALYSE()
        5. Find Tables from Column Name
        6. Find Column From Table Name
    8. Avoiding the use of single/double quotations
    9. String concatenation
    10. Privileges
    11. FILE privilege
        1. MySQL 4/5
        2. MySQL 5
    12. Out Of Band Channeling
        1. Timing
        2. DNS (requires FILE privilege)
        3. SMB (requires FILE privilege)
    13. Reading Files (requires FILE privilege)
    14. Writing Files (requires FILE privilege)
    15. Stacked Queries with PDO
    16. User Defined Functions
    17. Fuzzing and Obfuscation
        1. Allowed Intermediary Characters:
        2. Allowed Intermediary Characters after AND/OR
    18. Operators
    19. Constants
    20. MySQL Functions()
    21. MySQL Password Hashing (Taken from MySQL website)
    22. MySQL Password() Cracker
    23. MySQL < 4.1 Password Cracker
2. MSSQL
    1. Default Databases
    2. Comment Out Query
    3. Testing Version
    4. Retrieving user names/passwords
    5. Database Server Hostname
    6. Listing Databases
    7. Tables & Columns
        1. Retrieving Tables
        2. Retrieving Columns
        3. Retrieving Multiple Tables/Columns at once
    8. OPENROWSET Attacks
    9. System Command Execution
    10. SP_PASSWORD (Hiding Query)
    11. Fuzzing and Obfuscation
        1. Encodings
    12. MSSQL Password Hashing
    13. MSSQL Password Cracker
3. ORACLE
    1. Default Databases
    2. Comment Out Query
    3. Testing Version
    4. Retrieving Users/Passwords
    5. Retrieving Databases
        1. Current Database
        2. User Databases
    6. Tables & Columns
        1. Retrieving Tables
        2. Retrieving Columns
        3. Finding Tables from Column Name
        4. Finding Column From Table Name
    7. Fuzzing and Obfuscation
        1. Avoiding the use of single/double quotations
        2. Unlike other RDBMS, Oracle allows us to reference table/column names encoded.
    8. Out Of Band Channeling
        1. Time Delay
        2. Heavy Query Time delays


« Last Edit: November 22, 2010, 08:25:19 pm by hkm »