BT Güvenlik Test

Bsqbf ‘in 2.4 versiyonu duyuruldu.

Desteklediği Veritabanları:

1.MS-SQL
2. MySQL
3. PostgreSQL
4. Oracle

6 farklı atak tipini desktelemektedir. Bunlar:

Type 1: Blind

SQL Injection based on true and false conditions returned by back-end
server
Type 2: Blind
SQL Injection based on true and error(e.g syntax error) returned by back-end
server.
Type 3: Blind
SQL Injection in “order by” and “group by”.
Type 4: extracting data with SYS privileges (ORACLE dbms_export_extension exploit)
Type 5: is O.S code execution (ORACLE dbms_export_extension exploit)
Type 6: is reading files (ORACLE dbms_export_extension exploit, based on java)

Bsqb’i üç farklı tipte çalıştırabilirsiniz. Bunlar:

Type 1  (default) is based on java..will NOT work against XE.

Type 2 is against oracle 9 with plsql_native_make_utility.

Type 3 is against oracle 10 with dbms_scheduler.

Bsqbf kullanımıyla ilgili örnekler:

$./bsqlbf-v2.pl -url http://www.examplefortesing.com/injection_string_post/1.asp?p=1 -method post -match true -database 0 -sql “select top 1 name from sysobjects where xtype=’U’”
./bsqlbf-v2.4.pl -url http://www.examplefortesing.com/injection_string_post/1.jsp?p=1 -type 4 -match “true” -cmd “ping notsosecure.com”

Program Kullanımı ile ilgili video:

Get the Flash Player to see this player.

Bsqbf programını indirmek için burayı tıklayınız..

İlgili Dış Web Linkleri:

• BSQLBF – Blind SQL Injection Brute Forcer – Security Threads Garage

• Metasploit Oracle Auxiliary Modules » Musings on Database Security

• BSQLBF – Blind SQL Injection Brute Forcer – Security Threads Garage

• Metasploit Oracle Auxiliary Modules » Musings on Database Security

<div style="background-color: FFFFFF;"><a href="http://www.rsspump.com" title="rss widget">web widgets</a></div>

Leave a Reply

Name

Mail (will not be published)

Website

Submit Comment