![]() In the past, remote file inclusion attacks dominated. But now, SQL injection attacks have increased substantially, in particular attacks using the attack tool "Havij". Havij is a simple Windows GUI tool to automate SQL injection attacks. Its capabilities are similar to tools like Absinthe and sqlmap. Personally, I think sqlmap is a more capable tool but it is not as easy to use as a click-kiddie friendly tool like Havij. Havij is distributed by itsecteam, an Iranian security company. ![]() The word "Havij" translates to "carrot" and indeed, Havij uses a carrot as icon. In its default setting, Havij is easily identified by its user agent: It does support POST but in my limited testing appears to be less reliable. Mozilla/4.0 (compatible MSIE 7.0 Windows NT 5.1 SV1. ![]() The attack method is pretty straight forward.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |