28 October 2006 | 17,307 views

BobCat SQL Injection Tool based on Data Thief

Prevent Network Security Leaks with Acunetix

BobCat is a tool to aid a security consultant in taking full advantage of SQL injection vulnerabilities. It is based on a tool named “Data Thief” that was published as PoC by appsecinc. BobCat can list the linked severs, database schema, and allow the retrieval of data from any table that the current application user has access to.

The methods that BobCat incorprates are based on those discussed in the following papers:

advanced sql injection
more advanced sql injection
advanced sql injection
manipulating sql server usig sql injection

I suggest if you are interested in SQL injection at all, you read all of the above papers.

BobCat Requirements

  1. Windows OS (Tested on XP SP2)
  2. Access to MS SQL server/MSDE2000 (Tested on MSDE2000)
  3. .Net Framework 2.0

Read more about BobCat here:

Northern Monkee – BobCat

Download BobCat here:

BobCat Alpha 0.3

Some tools to use with BobCat can be found here:

BobCat Tools



Recent in Database Hacking:
- Navy Sys Admin Hacks Into Databases From Aircraft Carrier
- aidSQL – PHP Application For SQL Injection Detection & Exploitation
- 1 Million Accounts Leaked From Banks, Government Agencies & Consultancy Firms

Related Posts:
- sqlninja 0.1.0alpha – MS-SQL Injection Tool
- Bsqlbf V2 – Blind SQL Injection Brute Forcer Tool
- Social Engineering Gets a Big Jewel Heist

Most Read in Database Hacking:
- Pangolin – Automatic SQL Injection Tool - 70,873 views
- bsqlbf 1.1 – Blind SQL Injection Tool - 53,729 views
- Absinthe Blind SQL Injection Tool/Software - 38,906 views

Low-cost VPS Hosting

Comments are closed.