[Owasp-cuiaba] [ off-topic ] Fwd: Hacking BD 's [Blackploit]

Kembolle Amilkar haxorcoding em gmail.com
Quarta Julho 25 20:33:06 UTC 2012


Lista de ferramentas para teste em banco de dados! encaminhando......


**
   Hacking [Blackploit] <http://www.blackploit.com/>
 <http://fusion.google.com/add?source=atgs&feedurl=http://feeds.feedburner.com/Hacking-blackploit>
  [image:
Link to Blackploit [PenTest]] <http://www.blackploit.com/>
------------------------------

Guía para SQLi (MySQL, MSSQL &
ORACLE)<http://feedproxy.google.com/~r/Hacking-blackploit/~3/4SVRV-IdQfE/guia-para-sqli-mysql-mssql-oracle.html?utm_source=feedburner&utm_medium=email>

Posted: 24 Jul 2012 09:08 PM PDT

<http://1.bp.blogspot.com/-nhwBQdvH5x8/UA9wrLUiriI/AAAAAAAAA14/5Qoa3ys8Uec/s1600/SQLi.gif>Les
dejo una guía muy completa para inyecciones
SQL<http://www.websec.ca/kb/sql_injection>que cubre
*MySQL*, *MSSQL *y *ORACLE*, desde la detección de inyecciones SQL hasta
explotación avanzada evadiendo WAF/IDS.

 El autor *Roberto Salgado* (@LightOS <https://twitter.com/LightOS>) agrega
nuevos ataques y métodos de evasión diariamente.

 Es una guía muy extensa, clara y está organizada muy ordenadamente por
temas:


   -  *MySQL*
    - *Default Databases<http://websec.ca/kb/sql_injection#MySQL_Default_Databases>
      *
      - *Testing
Injection<http://websec.ca/kb/sql_injection#MySQL_Testing_Injection>
      *
      - *Comment Out
Query<http://websec.ca/kb/sql_injection#MySQL_Comment_Out_Query>
      *
      - *Testing
Version<http://websec.ca/kb/sql_injection#MySQL_Testing_Version>
      *
      - *Database
Credentials<http://websec.ca/kb/sql_injection#MySQL_Database_Credentials>
      *
      - *Database Names<http://websec.ca/kb/sql_injection#MySQL_Database_Names>
      *
      - *Server
Hostname<http://websec.ca/kb/sql_injection#MySQL_Server_Hostname>
      *
      - *Tables and
Columns<http://websec.ca/kb/sql_injection#MySQL_Tables_And_Columns>
      *
      - *Avoiding
quotations<http://websec.ca/kb/sql_injection#MySQL_Avoiding_Quotations>
      *
      - *String
concatenation<http://websec.ca/kb/sql_injection#MySQL_String_Concatenation>
      *
      - *Conditional
Statements<http://websec.ca/kb/sql_injection#MySQL_Conditional_Statements>
      *
      - *Timing <http://websec.ca/kb/sql_injection#MySQL_Timing>*
      - *Privileges<http://websec.ca/kb/sql_injection#MySQL_File_Privileges>
      *
      - *Reading Files<http://websec.ca/kb/sql_injection#MySQL_Reading_Files>
      *
      - *Writing Files<http://websec.ca/kb/sql_injection#MySQL_Writing_Files>
      *
      - *Out of band
channeling<http://websec.ca/kb/sql_injection#MySQL_OOB_Channeling>
      *
      - *Stacked Queries with
PDO<http://websec.ca/kb/sql_injection#MySQL_Stacked_Queries>
      *
      - *MySQL-specific
code<http://websec.ca/kb/sql_injection#MySQL__Specific_Code>
      *
      - *Fuzzing and
Obfuscation<http://websec.ca/kb/sql_injection#MySQL_Fuzzing_Obfuscation>
      *
      - *Operators <http://websec.ca/kb/sql_injection#MySQL_Operators>*
      - *Constants <http://websec.ca/kb/sql_injection#MySQL_Constants>*
      - *Password
Hashing<http://websec.ca/kb/sql_injection#MySQL_Password_Hashing>
      *
      - *Password
Cracker<http://websec.ca/kb/sql_injection#MySQL_Password_Cracker>
      *
    -  *MSSQL*
    - *Default Databases<http://websec.ca/kb/sql_injection#MSSQL_Default_Databases>
      *
      - *Comment Out
Query<http://websec.ca/kb/sql_injection#MSSQL_Comment_Out_Query>
      *
      - *Testing
Version<http://websec.ca/kb/sql_injection#MSSQL_Testing_Version>
      *
      - *Database
Credentials<http://websec.ca/kb/sql_injection#MSSQL_Database_Credentials>
      *
      - *Database Names<http://websec.ca/kb/sql_injection#MSSQL_Database_Names>
      *
      - *Server
Hostname<http://websec.ca/kb/sql_injection#MSSQL_Server_Hostname>
      *
      - *Tables and
Columns<http://websec.ca/kb/sql_injection#MSSQL_Tables_And_Columns>
      *
      - *Avoiding
quotations<http://websec.ca/kb/sql_injection#MSSQL_Avoiding_Quotations>
      *
      - *String
concatenation<http://websec.ca/kb/sql_injection#MSSQL_String_Concatenation>
      *
      - *Conditional
Statements<http://websec.ca/kb/sql_injection#MSSQL_Conditional_Statements>
      *
      - *Timing <http://websec.ca/kb/sql_injection#MSSQL_Timing>*
      - *OPENROWSET
Attacks<http://websec.ca/kb/sql_injection#MSSQL_OPENROWSET_Attacks>
      *
      - *System Command
Execution<http://websec.ca/kb/sql_injection#MSSQL_System_Command_Execution>
      *
      - *SP_PASSWORD (Hiding
Query)<http://websec.ca/kb/sql_injection#MSSQL_SP_PASSWORD>
      *
      - *Stacked
Queries<http://websec.ca/kb/sql_injection#MSSQL_Stacked_Queries>
      *
      - *Fuzzing and
Obfuscation<http://websec.ca/kb/sql_injection#MSSQL_Fuzzing_Obfuscation>
      *
      - *Password
Hashing<http://websec.ca/kb/sql_injection#MSSQL_Password_Hashing>
      *
      - *Password
Cracker<http://websec.ca/kb/sql_injection#MSSQL_Password_Cracker>
      *
    -  *ORACLE*
    - *Default Databases<http://websec.ca/kb/sql_injection#Oracle_Default_Databases>
      *
      - *Comment Out
Query<http://websec.ca/kb/sql_injection#Oracle_Comment_Out_Query>
      *
      - *Testing
Version<http://websec.ca/kb/sql_injection#Oracle_Testing_Version>
      *
      - *Database
Credentials<http://websec.ca/kb/sql_injection#Oracle_Database_Credentials>
      *
      - *Database Names<http://websec.ca/kb/sql_injection#Oracle_Database_Names>
      *
      - *Server
Hostname<http://websec.ca/kb/sql_injection#Oracle_Server_Hostname>
      *
      - *Tables and
Columns<http://websec.ca/kb/sql_injection#Oracle_Tables_And_Columns>
      *
      - *Avoiding
Quotations<http://websec.ca/kb/sql_injection#Oracle_Avoiding_Quotations>
      *
      - *String
concatenation<http://websec.ca/kb/sql_injection#Oracle_String_Concatenation>
      *
      - *Conditional
Statements<http://websec.ca/kb/sql_injection#Oracle_Conditional_Statements>
      *
      - *Timing <http://websec.ca/kb/sql_injection#Oracle_Timing>*
      - *Privileges <http://websec.ca/kb/sql_injection#Oracle_Privileges>*
      - *Out Of Band
Channeling<http://websec.ca/kb/sql_injection#Oracle_OOB_Channeling>
      *
    -  *Extras*
    - *About <http://websec.ca/kb/sql_injection#Extra_About>*
      - *Contact <http://websec.ca/kb/sql_injection#Extra_Contact>*
      - *Special Thanks<http://websec.ca/kb/sql_injection#Extra_Special_Thanks>
      *
      - *Google Docs
Version<https://docs.google.com/document/edit?id=1rO_LCBKJY0puvRhPhAfTD2iNVPfR4e9KiKDpDE2enMI>
      *
      - *SQLi Challenges <http://50.57.51.240/challenges/>*
      - *SQL Fiddle <http://sqlfiddle.com/>*
      - *Pentestmonkey Cheatsheet <http://pentestmonkey.net/cheat-sheet>*
      - *Ferruh Mavituna
Cheatsheet<http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/>
      *
      - *MS Access
Cheatsheet<http://nibblesec.org/files/MSAccessSQLi/MSAccessSQLi.html>
      *
      - *SQLite3
Cheatsheet<https://sites.google.com/site/0x7674/home/sqlite3injectioncheatsheet>
      *
      - *Reiners Filter Evasion
Cheatsheet<https://websec.wordpress.com/2010/12/04/sqli-filter-evasion-cheat-sheet-mysql/>
      *
      - *OWASP Prevention
Cheatsheet<https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet>
      *
      - *HTML5 Security Cheatsheet <http://html5sec.org/>*


*Visto en:* http://www.hakim.ws/<http://www.hakim.ws/2012/07/referencia-para-inyeccion-sql/>

<https://feedads.g.doubleclick.net/~a/Ii5P3yJEKsZaW6xu_hb4OpiYhrk/qq3loBszmEf-TLNX28-xZh1FVmk/0/pa>
<https://feedads.g.doubleclick.net/~a/Ii5P3yJEKsZaW6xu_hb4OpiYhrk/qq3loBszmEf-TLNX28-xZh1FVmk/1/pa>
 *Att. Kembolle Amilkar *
#/[ kembolle.com.br <http://www.kembolle.com.br/> ] - Consultoria Segurança
da Informação.
#/ [ samurayconsultoria.com.br ] - Chief Security Officer - Samuray
Consultoria.
#/ Systems Analyst | Esp. Information Security | Computer Forensic Expert |
#/ Owasp Chapter Lider Cuiabá - https://www.owasp.org/index.php/Cuiaba
#/ Mobile: [65] 9979-2925  && contato[at]kembolle.com.br.
**
-------------- Próxima Parte ----------
Um anexo em HTML foi limpo...
URL: <http://lists.owasp.org/pipermail/owasp-cuiaba/attachments/20120725/75f7ec48/attachment-0001.html>


More information about the Owasp-cuiaba mailing list