I'm learning SQL injections and how to exploit database vulneralities. I wondering what's the most interesting database (Oracle, MYSQL, Microsoft SQL Server, PostgreSQL, DB2...) to exploit with an SQLI?
Every DBMS offers specifics functionnalities (stored procedures...) and I've found that xp_cmdshell in SQL Server is very easy to exploit. But with Oracle, MYSQL and PostgreSQL you can also execute system command from SQLI even if it seems more complicated...
So, if you have the choice between Oracle, MYSQL, SQL Server and PostgreSQL to hack from an SQL injection, which one would you choose?
Aucun commentaire:
Enregistrer un commentaire