Atomlux Posted February 27, 2008 Share Posted February 27, 2008 hi i got IP for the DB on the server i play on, and i wanted to know if theres like some kind of ms sql exploit thing i can throw at it to get in xd Link to comment Share on other sites More sharing options...
Mr.Shadly Posted February 27, 2008 Share Posted February 27, 2008 Propably u've got ip to the server, and eh, if u won't steal db or if u're not a good hacker... There is no any simple way. Link to comment Share on other sites More sharing options...
caesar4l2 Posted February 27, 2008 Share Posted February 27, 2008 Mysql Injection, its not that simple :P Link to comment Share on other sites More sharing options...
knoxville Posted February 27, 2008 Share Posted February 27, 2008 hi i got IP for the DB on the server i play on, and i wanted to know if theres like some kind of ms sql exploit thing i can throw at it to get in xd Check the Back Track 2.0.. is good and have many utilities for SQL injection but.. no is easy.. it's very hard find user and pass of DB SQL... Link to comment Share on other sites More sharing options...
Hax0r Posted February 27, 2008 Share Posted February 27, 2008 check www.metasploit.com Link to comment Share on other sites More sharing options...
RicSic Posted February 27, 2008 Share Posted February 27, 2008 You dont need the IP to the DB for SQL injection. You could inject it thru any PHP/ASP form from their page. Link to comment Share on other sites More sharing options...
bonesaw Posted February 27, 2008 Share Posted February 27, 2008 If you don't even know about SQL, you shouldn't even bother with injection. You can only inject a code if you know how to make it, don't think copy/paste will always work. You can try to inject in anything that contacts the DB, it doesn't need to be a direct attack. If this server even care about security concerns of their DB, the DB server wouldn't even have an interface open to the internet, it should be in the local network and the other servers (itemd, logd etc) would connect through LAN to it, so it would be impossible to reach it unless there is a website pointing to it, where you would inject the code. Again, if you don't know what you're doing, don't even bother trying. There are many sites explaining how injection works, but you MUST know SQL syntax and how it works, period. Same with XSS injection or any other. Wrong section anyway. Locked. Link to comment Share on other sites More sharing options...
Recommended Posts