Infos

Sie befinden sich aktuell in den Alexander Kornbrust Oracle Security Blog Blog-Archiven für den folgenden Tag 5 Feb 2009.

Calendar

Februar 2009
M	D	M	D	F	S	S
« Jan		Mrz »
	1
2	3	4	5	6	7	8
9	10	11	12	13	14	15
16	17	18	19	20	21	22
23	24	25	26	27	28

Kategorien

11g (12)
Allgemein (29)
David Litchfield (7)
Exploit (23)
Forensics (7)
Oracle Security (105)
passwords (8)
Repscan (1)
Security (22)
Sentrigo (5)
software (9)
source code audit (5)
SQL Injection (24)
Tools (24)
Trainings (3)
Tutorial (2)

Letzte Einträge

Links

Oracle Security
- RDS-blog (german)
- Repscan
SQL Injection
- RDS Oracle Exploits
- SQL Injection Cheat Sheet

Archive für 5 Feb 2009

sqlmap 0.6.4.1 released

5 Feb 2009 von Alexander Kornbrust.

Yesterday Bernardo Damele released the new version 0.6.4.1 of the automatic SQL injection tool. sqlmap supports all databases (including Oracle) and can automatically exploit sql injection vulnerabilities and enumerate database information like usernames, privileges, … or download table content .
The latest changes are available in the changelog.
Here are 2 screenshots from a vulnerable test application (with Oracle 11g).

sqlmap 0.6.3

I also tried to run sqlmap 0.6.4.1 against my test server but this version was not able to find the sql injection.

sqlmap 0.6.4

Update:
Today Bernardo has send me an email that he will release an updated version of sqlmap within the next few weeks.

Geschrieben in Oracle Security | Drucken | Keine Kommentare »

Oracle Security

SQL Injection

Archive für 5 Feb 2009

sqlmap 0.6.4.1 released