We are testing one of the things that we want to treat as a valuable asset: the databases for our clients. This is where the company usually has most of the data that, if compromised, could cost the company a great amount of revenue. There are a number of different databases that are out there. We will concentrate on only three of them: Microsoft SQL (MSSQL), MySQL, and Oracle.
The MSSQL database has provided us with a number of vulnerabilities over the years, but as the versions of the database became more mature, the vulnerabilities decreased dramatically. We will start off by searching to see whether we can find any database exploits in the Exploit DB site for MSSQL. The results of the search are shown in the following screenshot:
As the previous screenshot shows, we do not have much of a selection of exploits that are against the MSSQL database, but we do have an interesting exploit that is against the Symantec Endpoint Protection Manager. However, it is not against...