It is a technique of finding the vulnerability in the website through
Sql injection i.e command arer admin and password. This is done by
including question of Sql statement in the web from entry field in an
attempt to get a website password and Sql command to the database.
"OR"
It is a technique often use to attack a website.
Sqlmap is an open source command-line automatic SQL injection tool and its aim is to detect and take advantage of SQL injection vulnerabilities in web applications. The moment one or more SQL injections isdetected on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user’s specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.Enthusiastics can experiment with its opotions and pwn many of the servers around,or can test their skills to secure their servers..but remember,SQL map is a tool,its might help you to find and apply vulnerabilities and injections,but in the end,you really must have a good knowledge of SQL some real pwning out there..
You Can download sqlmap 0.7 here :-
☺ Linux Source: sqlmap-0.7.tar.gz
☺ Windows Portable: sqlmap-0.7_exe.zip
0 comments:
Post a Comment