Fog Creek Software
Discussion Board




How to check which type of database a website uses

Back when the internet was in the pre-hype phase there used to be an online tool where, when you typed in the URL, it would return information on the web-site's OS, database, etc.

I can't remember the name of that tool and I was wondering if there are any online that can work the same magic?

Anne Levin
Saturday, August 09, 2003

OS, yes. Database, no. Same tool as always.

http://www.netcraft.com/

Any web site that exposes its database implementation enough to be sniffed at will is in pretty sad shape.

Brad Wilson (dotnetguy.techieswithcats.com)
Saturday, August 09, 2003

This is not simple, but sometimes can be done. "Web Hacking" discusses how to check the database engine. The key is to malform URLs or screw up parameters in a way that the database will generate an error which will be sent back to the user.

Mr Curiousity
Saturday, August 09, 2003

Or exploit strings sent directly to the SQL engine; such as the case with username- and password fields. This can be done by inserting a comment character and building your own query.

Well, that's what 'they' say, anyway...

Mickey Petersen
Saturday, August 09, 2003

Hmmm ... if a string passed via URL is automatically executed, there could be all kinds of mischief to do.

Daniel Shchyokin
Sunday, August 10, 2003

The smart developer escapes any string data to prevent miscreants from doing badness to the database.

Clay Dowling
Sunday, August 10, 2003

One thing you could do is if you assume the db server is on the same IP, try portscanning and see if you can find any db servers running.......

But then anyone with an ounce of intelligibility would have this all firewalled up anyway

James'Smiler' Farrer
Sunday, August 10, 2003

"if a string passed via URL is automatically executed, there could be all kinds of mischief to do"

There's a name for that: A SQL Insertion attack
If the URL is something like http://blabla.asp?SomeID=value

There is always the possibility that the ASP page does something like
sql = "SELECT * FROM Table WHERE SomeID=" & Request.QueryString("SomeID")

Now imagine a URL like
http://blabla.asp?SomeID=value;<some malicious SQL statement>

This would result in the SQL statement
SELECT * FROM Table WHERE SomeID=value;<some malicious SQL statement>
being executed.

O, yes, another great thought: Combine this with MS SQL Server default security settings (sa account without password (until the latest SP that was))

Geert-Jan Thomas
Monday, August 11, 2003
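
Added example (not part of the original thread and not any poster's code): the concatenated query quoted above next to a parameterized version, showing both the changed query logic and the error text that reveals the database engine. It uses Python's sqlite3 module as a stand-in for the ASP page and its SQL Server backend; the table, the sample rows, the function names and the input values are all assumptions made up for the illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (SomeID INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO items VALUES (?, ?)",
                   [(1, "widget"), (2, "gadget"), (3, "internal-only")])
    return db

def lookup_concatenated(db, some_id):
    """The pattern quoted in the thread: raw parameter spliced into the SQL text."""
    sql = "SELECT name FROM items WHERE SomeID=" + some_id
    try:
        return 200, sorted(r[0] for r in db.execute(sql))
    except sqlite3.Error as exc:
        # Echoing the driver error tells the client which engine is behind the page.
        return 500, f"{type(exc).__name__}: {exc}"

def lookup_parameterized(db, some_id):
    """Hardened form: validate the type, bind the value, keep errors server-side."""
    try:
        key = int(some_id)
    except ValueError:
        return 400, "bad request"
    try:
        rows = db.execute("SELECT name FROM items WHERE SomeID=?", (key,)).fetchall()
    except sqlite3.Error:
        return 500, "internal error"  # details belong in the server log only
    return 200, sorted(r[0] for r in rows)

def compare(some_id):
    # Run the same input through both handlers against a fresh database.
    db = make_db()
    return lookup_concatenated(db, some_id), lookup_parameterized(db, some_id)

if __name__ == "__main__":
    for value in ["2", "2'", "2 OR 1=1"]:  # constructed inputs
        print(repr(value), compare(value))
```

The bound parameter is never parsed as SQL, and the generic error body gives a remote client nothing to fingerprint the engine with.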

silly question, but why??

Tapiwa
Monday, August 11, 2003
