[Owasp-testing] Database Fingerprinting

chr1x chr1x at sectester.net
Tue Dec 15 23:00:44 EST 2009


Hi Zaki,

As many fellows have recommended to you, use some basic SQL injection strings
like: ' OR 1=1-- or " OR 1=1--

Out there, there are a lot more strings that you can use in order to see if
the webapp is using a DB at the backend side.

Look at these sheets:

http://sectester.net/forum/index.php?topic=26.msg54#new

Cheers!

chr1x

---
[CubilFelino Security Research Lab] http://chr1x.sectester.net
"The computer security is an art form. It's the ultimate martial art."
New Forum at: http://www.sectester.net. Share your knowledge!



Zaki Akhmad wrote:
> Hello,
>
> I want to do blackbox testing of a web application from the Internet.
> I know the programming language used is PHP, but I haven't figured out the
> database being used.
>
> How do I perform blackbox database fingerprinting from the
> Internet? Any hints?
>
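
Added example, not part of the original message or of any OWASP project code: a regression check that runs the two strings quoted in the reply against a lookup built by string concatenation and against its parameterized replacement. The table, rows and function names are constructed for illustration, and SQLite stands in for whatever backend the application actually uses.

```python
import sqlite3

# The two strings quoted in the message above.
PROBES = ["' OR 1=1--", '" OR 1=1--']


def make_db():
    """Constructed in-memory table standing in for the application's backend."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO users (name) VALUES (?)",
                   [("alice",), ("bob",), ("carol",)])
    return db


def lookup_concatenated(db, name):
    """Weak form: input is pasted into a single-quoted SQL literal."""
    sql = "SELECT id FROM users WHERE name = '" + name + "'"
    return [row[0] for row in db.execute(sql)]


def lookup_parameterized(db, name):
    """Corrected form: input is bound as data and never parsed as SQL."""
    return [row[0] for row in db.execute(
        "SELECT id FROM users WHERE name = ?", (name,))]


def audit(lookup):
    """Return the probes that make `lookup` return rows it should not."""
    db = make_db()
    try:
        # No user is named after a probe string, so any row is a finding.
        return [p for p in PROBES if lookup(db, p)]
    finally:
        db.close()


if __name__ == "__main__":
    print("concatenated :", audit(lookup_concatenated))
    print("parameterized:", audit(lookup_parameterized))
```

Only the single-quote variant alters the concatenated query here, because the query delimits its literal with single quotes; the double-quote variant stays inside the literal and matches nothing.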


