-->

Thursday, 1 November 2012

Automated Blind SQL Injection Attacking Tool


Though manual sql injection is best but we may need to use tool for sql injection. When sql injection url don't show error message and we find it as a blind sql injection vulnerability then we use it. There are many tools in internet.
One of the best tool for blind sql injection is BSQLBF expanded as Blind Sql Injection Brute Forcer.

Supported Database:
  • MS-SQL
  • MySQL
  • PostgreSQL
  • Oracle
It supports 8 kind of attacking:
back-end server to true & error (e.g syntax error) >>> Blind SQL Injection
Blind SQL Injection  “order by” & “group by”
SYS privileges (ORACLE dbms_export_extension exploit ) >>> Find Data
O.S code execution (ORACLE dbms_export_extension exploit)
Read file (ORACLE dbms_export_extension exploit, java)
O.S code execution DBMS_REPCAT_RPC.VALIDATE_REMOTE_RC exploit
O.S code execution SYS.KUPP $PROC.CREATE_MASTER_PROCESS(), DBA Privs
O.S code execution DBMS_JAVA_TEST.FUNCALL, java IO Permissions

Download BSQLBF

Related Posts Plugin for WordPress, Blogger...
Blogger Template by Komal