sql injection (sqlsentinel)(1)

SQL INJECTION (SQLSENTINEL) tool for finding vulnerable sql injection url.

ABOUT ME .

MY STORY :

My story is so long but i m going to make it short . •

I was in civil engineering not because I was dreaming to become one but because I had to do it . Then I came to realise life is about chasing your dream not someone else dream so i have deciced to do what I was born to do " Information security " maybe not born but what I was good at .

•

Since then I became a security reseacher and I m still a student in inforation technologie.

•

For all the people that are scared to chase their dream I m going to tell you to work you ass hard your dream will become true one day because life is all about dreaming .

•

MY CERTI FI CATI ON

web design certification •

CEH EC‑Council cerficication •

ECSA still doing that . •

LET START.... CAN W E ?

If your respond is yes then read this if not I m sorry i can't tell you more about my story for now but I promise I will do : )

W HAT I S SQL I NECTI ON ?

OWSAP definition about sql injection : •

A SQL injection attack consists of insertion or "injection" of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system. SQL injection attacks are a type of injection attack, in which SQL commands are injected into data‑plane input in order to effect the execution of predefined SQL commands.

NOW....

We are not focusing on how to solve the sql inejection probelm since we are here for the offensive security .

•

Finding sql ijection vulnerable links could be hard and can take a lot of time since time is "money" you should know how deal with it

•

So there are many nice tools made by very genius programmer(we will talk about how making hacking tools with python on our next slide) but my favorite tool is sql sentinel .

•

��

��

��

�� !�� "�� #�� "�� "�� "�� "��$�� "��%��

�� #�� %�� !�� %�� &�� ' �� %�� $�� (�� %��

��

��

��

�� !��"��

��

��#��$��#� �� %� ��

�� %� �� &�� ' �� (��#��$�� #��#�� !��(��$� �� $�� $��' ��&��!�� %� �� #�� $� ��' �� !��(��#�� )��$�� $� �� (�� (��

��

�*�� &��+��#�#�� $��&�� ' �� #�� ' ��

��

��

��

��

After use any sql injection tool to exploit the link i will recommend the sqlmap best tool

•

END .

hope you get an idea about how to use sqlsentinel •

this was for an educational purpose . •

check my profil : http://www.linkedin.com/pub/ngoma‑mbaku/42/99/a42 •

Thank you for reading

sql injection (sqlsentinel)(1)

Technology