Home / Hacking / PenTesting / SQL Injection / Tutoriales / Tutorial Inyecciones SQL (MySQL, MSSQL y ORACLE)

Tutorial Inyecciones SQL (MySQL, MSSQL y ORACLE)



Roberto Salgado (@LightOS hace tiempo publicó una guía muy completa para inyecciones SQL. Cubre MySQL, MSSQL y ORACLE.

Su contenido es el siguiente:

MySQL
Default Databases
Testing Injection
Comment Out Query
Testing Version
Database Credentials
Database Names
Server Hostname
Tables and Columns
Avoiding quotations
String concatenation
Conditional Statements
Timing
Privileges
Reading Files
Writing Files
Out of band channeling
Stacked Queries with PDO
MySQL-specific code
Fuzzing and Obfuscation
Operators
Constants
Password Hashing
Password Cracker

MSSQL
Default Databases
Comment Out Query
Testing Version
Database Credentials
Database Names
Server Hostname
Tables and Columns
Avoiding quotations
String concatenation
Conditional Statements
Timing
OPENROWSET Attacks
System Command Execution
SP_PASSWORD (Hiding Query)
Stacked Queries
Fuzzing and Obfuscation
Password Hashing
Password Cracker

ORACLE
Default Databases
Comment Out Query
Testing Version
Database Credentials
Database Names
Server Hostname
Tables and Columns
Avoiding Quotations
String concatenation
Conditional Statements
Timing
Privileges
Out Of Band Channeling
Tutorial Inyecciones SQL (MySQL, MSSQL y ORACLE) Tutorial Inyecciones SQL (MySQL, MSSQL y ORACLE) Reviewed by Zion3R on 19:14 Rating: 5