“Sqlninja is a small tool to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server.
Its main goal is to provide a remote shell on the vulnerable DB server, even in a very hostile environment (i.e.: paranoid firewall settings), using the xp_cmdshell extended procedure that SQL Server kindly enables by default. It should be used by penetration testers to help and automate the process of taking over a DB Server when a SQL Injection vulnerability has been discovered.”



~ by Balle on July 6, 2007.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: