MYSQL Server Hacking [Part 1]
Microsoft SQL Server is a popular and robust environment for many applications that use databases: it features excellent multi-access capabilities, comprehensive security coverage and can easily be transported to other database platforms. Unfortunately, that potential will not be realized, even with the royalty-free MSDE (Microsoft Database Engine, optimized for individual or small workgroup solutions), unless the databases are given at least adequate security protection. Why is this a must-have? Because the high capabilities of SQL Server are combined with high flexibility, and too much flexibility may be detrimental if used in the wrong manner. This article aims to identify certain types of risks that might result from inappropriate management of Microsoft SQL Server.
If properly configured, each SQL Server permits all users to access the master database, which contains all the settings for SQL Server – and all the information that SQL Server uses to open the databases. It also contains all SQL login IDs, data of connected servers etc. Of course, “normal” users are not allowed to access all information resources. Figure 1 illustrates how the server behaves if an attempt is made to access the account list – as can be seen, the server has prevented users from reading passwords.
Nevertheless, account names and databases (including the information stored on them) may be accessed by unprivileged users. An example showing a piece of information taken by a user is illustrated in Figure 2 below.
FIGURE 1: A failed attempt to access the account list.
Scrolling to the bottom of the screen in the screenshot above gives the final few lines of screen output, shown below:
(4 rows affected)
1> select name,dbid from sysdatabases
2> go
 name                                        dbid
 ------------------------------------------- ----------------------
 master                                      1
 tempdb                                      2
 model                                       3
 msdb                                        4
 pubs                                        5
 Northwind                                   6
 pages                                       7
(7 rows affected)
1>
As can be seen, it is difficult to keep your data secure from users’ prying eyes.
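To check this exposure on your own server, the T-SQL below is an added example, not part of the original article. It assumes SQL Server 2005 or later, where the catalog views and the VIEW ANY DATABASE permission exist (the session above uses the older sysdatabases table), and the login name app_reader is hypothetical.

```sql
-- Added example: audit and restrict database enumeration.
-- Assumes SQL Server 2005+; [app_reader] is a hypothetical low-privileged login.
USE master;
GO

-- 1. Who holds VIEW ANY DATABASE at server level? By default it is granted
--    to the public role, which is why every login can list every database.
SELECT pr.name            AS grantee,
       pr.type_desc       AS grantee_type,
       pe.state_desc      AS grant_state,
       pe.permission_name
FROM   sys.server_permissions AS pe
JOIN   sys.server_principals  AS pr
       ON pr.principal_id = pe.grantee_principal_id
WHERE  pe.permission_name = N'VIEW ANY DATABASE'
ORDER  BY pr.name;
GO

-- 2. What the current login can list, and which databases it can enter.
--    HAS_DBACCESS returns 1 (accessible), 0 (not accessible) or NULL.
SELECT d.name,
       d.database_id,
       HAS_DBACCESS(d.name) AS can_open
FROM   sys.databases AS d
ORDER  BY d.database_id;
GO

-- 3. Mitigation for one login: after this DENY it sees only master, tempdb
--    and databases it owns in sys.databases.
DENY VIEW ANY DATABASE TO [app_reader];
GO

-- 4. Verify from the restricted login's point of view
--    (requires IMPERSONATE permission on the login, or sysadmin).
EXECUTE AS LOGIN = N'app_reader';
SELECT name, database_id FROM sys.databases ORDER BY database_id;
REVERT;
GO
```

Run step 2 while connected as an ordinary application login to see the same kind of listing the article shows; user databases that appear with can_open = 0 are still visible by name.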
However…