Atomlux Posted February 27, 2008 Posted February 27, 2008 hi i got IP for the DB on the server i play on, and i wanted to know if theres like some kind of ms sql exploit thing i can throw at it to get in xd
Mr.Shadly Posted February 27, 2008 Posted February 27, 2008 Propably u've got ip to the server, and eh, if u won't steal db or if u're not a good hacker... There is no any simple way.
knoxville Posted February 27, 2008 Posted February 27, 2008 hi i got IP for the DB on the server i play on, and i wanted to know if theres like some kind of ms sql exploit thing i can throw at it to get in xd Check the Back Track 2.0.. is good and have many utilities for SQL injection but.. no is easy.. it's very hard find user and pass of DB SQL...
RicSic Posted February 27, 2008 Posted February 27, 2008 You dont need the IP to the DB for SQL injection. You could inject it thru any PHP/ASP form from their page.
bonesaw Posted February 27, 2008 Posted February 27, 2008 If you don't even know about SQL, you shouldn't even bother with injection. You can only inject a code if you know how to make it, don't think copy/paste will always work. You can try to inject in anything that contacts the DB, it doesn't need to be a direct attack. If this server even care about security concerns of their DB, the DB server wouldn't even have an interface open to the internet, it should be in the local network and the other servers (itemd, logd etc) would connect through LAN to it, so it would be impossible to reach it unless there is a website pointing to it, where you would inject the code. Again, if you don't know what you're doing, don't even bother trying. There are many sites explaining how injection works, but you MUST know SQL syntax and how it works, period. Same with XSS injection or any other. Wrong section anyway. Locked.
Recommended Posts