Home » Story links » Param's story links

SqlNinja - Exploit SQL Injection

Link: http://sqlninja.sourceforge.net/
Points: 917 views User: Param Comments: 0 Comments Tag:

Sqlninja is a small tool to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide a remote shell on the vulnerable DB server, even in a very hostile environment (i.e.: paranoid firewall settings), using the xp_cmdshell extended procedure that SQL Server kindly enables by default. It should be used by penetration testers to help and automate the process of taking over a DB Server when a SQL Injection vulnerability has been discovered.


Email: Email this Story to a Friend

Post new comment

  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <h1> <quote> <img>
  • Lines and paragraphs break automatically.

More information about formatting options

CAPTCHA
This question is for testing whether you are a human visitor and to prevent automated spam submissions.
Image CAPTCHA
Copy the characters (respecting upper/lower case) from the image.