FG-Injector Framework is a set of tools designed to help find SQL injection vulnerabilities in web applications, and help the analyst assess their severity. It includes a powerful proxy feature for intercepting and modifying HTTP requests, and an inference engine for automating SQL injection exploitation.
Often web developers think that by disabling error messages in their code, SQL injection vulnerabilities stop being dangerous. When a SQL injection vulnerability doesn’t return errors messages it is known as a Blind Injection. The truth is that Blind Injections are just as dangerous as regular SQL Injections. By carefully selecting SQL sentences to inject, an attacker can retrieve information from the database of the vulnerable web application, one bit at a time. The end result is that the attacker can obtain the same data through the Blind SQL Injection that he/she would obtain from a regular -non-blind- SQL Injection.
You can find the downloads here including 0.9 version Windows binary and 0.9a source code:
- ODAT (Oracle Database Attacking Tool) – Test Oracle Database Security
- Navy Sys Admin Hacks Into Databases From Aircraft Carrier
- aidSQL – PHP Application For SQL Injection Detection & Exploitation
- Safe3 SQL Injector – Automatic Detection & Exploitation Of SQL Injection Flaws
- Official release of SQL Power Injector 1.2 – Download Now!
- SQL Power Injector v1.1 Released
Most Read in Database Hacking:
- Pangolin – Automatic SQL Injection Tool - 73,730 views
- bsqlbf 1.1 – Blind SQL Injection Tool - 53,878 views
- Absinthe Blind SQL Injection Tool/Software - 39,036 views