利用SQL Server的注入漏洞实现猜解数据库名，表名，字段名及记录的信息，由于网速的原因，目前限制了只能同时猜解前5个字段值的记录信息。另外实现了三种方式执行系统命令，同时可回显显示。-use SQL Server injection vulnerability achieve guess Solutions database name, table names, field names and the information recorded, the speed network, cur

Mini SQL对用户提供的数据缺少充分过滤,远程攻击者可以利用这个漏洞对目标服务器进行格式字符串攻击,可能以数据库进程权限在系统上执行任意指令。 远程攻击者可以发送恶意格式串来触发此漏洞,导致破坏进程中的任意敏感信息,造成以数据库进程... -Mini SQL user data provided by the lack of adequate filtering, remote attacker could exploit the vulnerability on the target se

Oracle Secure Backup Administration Server authentication bypass, plus command injection vulnerability CVE-2009-1977 and CVE-2009-1978 Use it for ethical pentesting only! The author accepts no liability for damage caused by this tool.

TDS协议分析与漏洞检测,使用SQL SERVER 者可参考学习此文档-TDS protocol analysis and vulnerability detection, using SQL SERVER learning may refer to this document