Thursday, January 17, 2008

Web Security Watch: Automated SQL Injection Engine Now Freely Available

Via Darknet.org.uk.

sqlmap is an automatic SQL injection tool entirely developed in Python. It is capable of performing an extensive database management system back-end fingerprint, retrieving remote DBMS databases, usernames, tables and columns, enumerating the entire DBMS, reading system files and much more, taking advantage of web application programming security flaws that lead to SQL injection vulnerabilities.

More here.

Note: ...and this is very, very bad news for any publicly accessible SQL databases, especially when it is well known that there are somewhere in the neighborhood of 500,000 of them.

Bad news for a lot of people.

- ferg
