mirror of
https://github.com/Ponce/slackbuilds
synced 2024-11-29 13:00:32 +01:00
10f363f274
Signed-off-by: Erik Hanson <erik@slackbuilds.org>
19 lines
1.1 KiB
Text
19 lines
1.1 KiB
Text
Sqlninja is a tool targeted to exploit SQL Injection vulnerabilities on a web
|
|
application that uses Microsoft SQL Server as its back-end. Its main goal is
|
|
to provide a remote access on the vulnerable DB server, even in a very hostile
|
|
environment. It should be used by penetration testers to help automate the
|
|
process of taking over a DB Server when a SQL Injection vulnerability has been
|
|
discovered.
|
|
|
|
Since version 0.2.5, sqlninja will upload .exe files by default instead of
|
|
.scr ones. If you want to upload .scr files instead, the original sqlninja
|
|
files are distributed inside /usr/lib$LIBDIRSUFFIX/sqlninja/scripts/ .
|
|
|
|
Raul Siles' patch for better Metasploit Framework interaction has been
|
|
discontinued since it was released for an old version of sqlninja only. The
|
|
patch added two new timers ($client_delay (30 secs) and $server_delay (5
|
|
secs)) to use within sqlninja. Since it could be still somehow handy it has
|
|
been included in the package documentation directory.
|
|
|
|
This requires perl-Net-DNS, perl-Net-Pcap, perl-IO-Socket-SSL, Net-SSLeay,
|
|
perl-NetPacket, and perl-Net-RawIP.
|