GitHub / iricartb / advanced-sql-injection-scanner
Ivan Ricart Borges - Test for didactic purposes of web pages vulnerables to SQL injection using dbo database user with xp_cmdshell execution permissions. Using patterns from Internet search engines to extract potentially vulnerable web addresses and test them by changing the GET parameters using invalid Transact-SQL conversion function to cause through unhandled errors by IIS web server to show critical information. If certain features are given and using advanced injection techniques a malicious attacker could gain control of the entire system by executing shell commands in the SQL database engine.
JSON API: http://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/iricartb%2Fadvanced-sql-injection-scanner
Stars: 22
Forks: 12
Open issues: 0
License: None
Language: C#
Size: 589 KB
Dependencies parsed at: Pending
Created at: over 8 years ago
Updated at: 7 months ago
Pushed at: about 4 years ago
Last synced at: about 2 months ago
Topics: c-sharp, database, dbo, exploit, iis, injection, microsoft, rce, scanner, search-engine, sqlserver, transact-sql, visual-studio, vulnerability, webserver, xp-cmdshell