Data Thief, SQL Injection Proof of Concept
The information has been provided by Cesar.
Data Thief is a 'proof-of-concept' tool used to demonstrate to web administrators and developers how easy it is to steal data from a web application that is vulnerable to SQL Injection. Data Thief is designed to retrieve the data from a Microsoft SQL Server back-end behind a web application with a SQL Injection vulnerability. Once a SQL Injection vulnerability is identified, Data Thief does all the work of listing the linked servers, laying out the database schema, and actually selecting the data from a table in the application.
Data Thief uses techniques illustrated and described within the Manipulating Microsoft SQL Server Using SQL Injection white paper. Data Thief does not discover SQL Injection vulnerabilities; it only serves to demonstrate how easily they can be exploited and how far-reaching they can be.