ARTICLE SQLPlus v0.3 available
Thursday 16 April 2009 - 616 read - ( Keywords : Database , Penetration testing & Ethical Hacking , SQLPlus )
sqlsus is an open source MySQL injection and takeover tool, written in Perl.
Using a command line interface that mimics a mysql console, you can retrieve the database structure, inject SQL queries, download files from the web server, upload and control a backdoor, clone the databases, and much more... It is designed to maximize the amount of data gathered per server hit, making the best use (I can think of) of MySQL functions to optimise the available injection space.
sqlsus is focused on PHP/MySQL installations, and integrates some neat features, some of them really specific to this DBMS.
Tool Submitted by Maximiliano Soler
POSTSCRIPTUM
COMPLIANCE MANDATES
Penetration testing & Ethical Hacking : PCI DSS 11.3, SOX A13.3, GLBA 16 CFR Part 314.4 (c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001/27002 12.6, 15.2.2