BobCat is a tool to aid a security consultant in taking full advantage of SQL injection vulnerabilities. It is based on a tool named “Data Thief” that was published as PoC by appsecinc. BobCat can list the linked severs, database schema, and allow the retrieval of data from any table that the current application user has access to.
The methods that BobCat incorprates are based on those discussed in the following papers:
I suggest if you are interested in SQL injection at all, you read all of the above papers.
- Windows OS (Tested on XP SP2)
- Access to MS SQL server/MSDE2000 (Tested on MSDE2000)
- .Net Framework 2.0
Read more about BobCat here:
Download BobCat here:
Some tools to use with BobCat can be found here:
- OAT – Oracle Auditing Tools For Database Security
- ODAT (Oracle Database Attacking Tool) – Test Oracle Database Security
- Navy Sys Admin Hacks Into Databases From Aircraft Carrier
- sqlninja 0.1.0alpha – MS-SQL Injection Tool
- Social Engineering Gets a Big Jewel Heist
- Bsqlbf V2 – Blind SQL Injection Brute Forcer Tool
Most Read in Database Hacking: