十个探测MSSQL 2000漏洞的技巧或工具

　　介绍了十大"摧残"和攻击SQL Server 2000或SQL Server 2005找到可能的漏洞的工具和技巧。

　　原文链接：http://searchsqlserver.techtarget.com/tip/1,289483,sid87_gci1165052_tax301336,00.html?Offer=SQLwnha217

　　当然包括很多SQL 安全的测试工具：

　　DShield's Port Report

　　WebInspect

　　QualysGuard

　　NGSSquirrel for SQL Server

　　SQLPing v 2.5

　　AppDetective

　　Metasploit

　　SQL Injector

　　Absinthe

　　看到这篇文章之后，感觉到每个SQL Server 200都有能够"挖掘"和"探索"的漏洞(还好现在用SQL Server 2005居多)，告诫自己以后每次部署SQL Server 2000/2005的时候，都要从这些工具箱中选出几个，试一下。SQL injection 无处不在，要时刻保持安全警惕性。

　　1. 最近看到一个有关程式员招聘的分析，"Writing Secure Code"和应用安全防御模型占了很大的一块比重，甚至和您对编程语言的掌控程度需要相同高。

　　2.有关Dynamic SQL 和存储过程的争论是否也会告一个断落，因为对于任何的数据库来说，使用“Dynamic SQL”就会有SQL injection的可能性。存储过程会是个不错的，抑或是有效的使用两者? 对于运行和维护部门来说，Dynamic SQL就是风险.

　　ACE Team - Security, Performance & Privacy的WebLog 是个不错的资源。

　　转自小气的神blog

　　**************************

　　Ten hacker tricks to exploit SQL Server systems

　　Kevin Beaver, CISSP

　　02.08.2006

　　Rating: -4.17- (out of 5)

　　

　　Whether it is through manual poking and prodding or the use of security testing tools, malicious attackers employ a variety of tricks to break into SQL Server systems, both inside and outside your firewall. It stands to reason then, if the hackers are doing it, you need to carry the same attacks to test the security strength of your systems. Here are 10 hacker tricks to gain access and violate systems running SQL Server.

　　1. Direct connections via the Internet

　　These connections can be used to attach to SQL Servers sitting naked without firewall protection for the entire world to see (and access). DShield's Port Report shows just how many systems are sitting out there waiting to be attacked. I don't understand the logic behind making a critical server like this directly accessible from the Internet, but I still find this flaw in my assessments, and we all remember the effect the SQL Slammer worm had on so many vulnerable SQL Server systems. Nevertheless, these direct attacks can lead to denial of service, buffer overflows and more.

　　2. Vulnerability scanning

　　Vulnerability scanning often reveals weaknesses in the underlying OS, the Web application or the database system itself. Anything from missing SQL Server patches to Internet Information Services (IIS) configuration weaknesses to SNMP exploits can be uncovered by attackers and lead to database server compromise. The bad guys may use open source, home-grown or commercial tools. Some are even savvy enough to carry out their hacks manually from a command prompt. In the interest of time (and minimal wheel spinning), I recommend using commercial vulnerability assessment tools like QualysGuard from Qualys Inc. (for general scanning), WebInspect from SPI Dynamics (for Web application scanning) and Next Generation Security Software Ltd.'s NGSSquirrel for SQL Server (for database-specific scanning). They're easy to use, offer the most comprehensive assessment and, in turn, provide the best results. Figure 1 shows some SQL injection vulnerabilities you may be able to uncover.

　　

　　Figure 1: Common SQL injection vulnerabilities found using WebInspect.

标签：

版权申明：本站文章部分自网络，如有侵权，请联系：west999com@outlook.com
特别注意：本站所有转载文章言论不代表本站观点，本站所提供的摄影照片，插画，设计作品，如需使用，请与原作者联系，版权归原作者所有