Tagged articles
7 articles
Black & White Path
Apr 21, 2026 · Information Security

A Full-Scale Penetration Test Walkthrough: From MSSQL Weak Passwords to Nacos N‑Day Exploits

This article documents a complete penetration test on a newly deployed environment, detailing how weak credentials, unauthenticated services, and misconfigurations in MSSQL, Nacos, Oracle, Telnet, OA, NC, Redis, Spring, and frontend assets were systematically discovered and exploited, with step‑by‑step screenshots illustrating each compromise.

MSSQL, Nacos, Oracle
0 likes · 6 min read
Black & White Path
Mar 11, 2026 · Information Security

ByPassTamperPlus: Enhanced SQLMap Tamper Scripts for Advanced WAF Bypass

ByPassTamperPlus is a Python‑based collection of SQLMap tamper scripts tailored for MSSQL, MySQL and Oracle across multiple versions, employing version‑specific syntax, functions and obfuscation techniques to improve payload survivability against modern Web Application Firewalls, while acknowledging inherent limitations.

MSSQL, Oracle, SQLMap
0 likes · 6 min read
IT Services Circle
Apr 26, 2025 · Databases

Popular VS Code Database Client Extensions and How to Use Them

This article introduces several widely used Visual Studio Code extensions for database management—including SQLTools, MSSQL, Database Client, DBCode, DevDb, and MongoDB for VS Code—detailing their features, supported databases, installation steps, and marketplace links to help developers choose the right tool for their workflow.

DevDb, Extensions, MSSQL
0 likes · 5 min read
Huolala Tech
Mar 18, 2025 · Information Security

Mastering MSSQL Attack Chains: Exploit Techniques and Defense Strategies

This article provides a comprehensive analysis of MSSQL attack vectors—including stored procedures, COM components, CLR, sandbox bypass, triggers, proxy jobs, Kerberoasting, and linked servers—detailing prerequisites, exploitation steps with code examples, and practical mitigation recommendations to harden database security.

Attack Techniques, CLR, COM
0 likes · 21 min read
Huolala Safety Emergency Response Center
Mar 18, 2025 · Information Security

Uncovering MSSQL Attack Chains: Stored Procedures, COM, CLR, Triggers, and Lateral Movement

This article provides a comprehensive technical analysis of MSSQL attack vectors—including vulnerable stored procedures, COM automation, CLR exploitation, sandbox bypass, trigger abuse, proxy jobs, Kerberoasting, and linked servers—detailing prerequisites, step‑by‑step T‑SQL examples, mitigation recommendations, and overall impact on database security.

Attack Chain, CLR, COM Automation
0 likes · 19 min read
ITPUB
Mar 22, 2016 · Information Security

Exploiting a Rare MSSQL Blind Injection via @@LANGID and @@TEXTSIZE

The author details a seldom‑seen MSSQL blind injection discovered during a Google bounty, explaining why automated scanners failed, how manual testing with @@LANGID and @@TEXTSIZE revealed the flaw, and the proof‑of‑concept steps that ultimately earned a reward.

Blind Injection, Google Bounty, MSSQL
0 likes · 5 min read