05 October 2007 | 22,353 views

Official release of SQL Power Injector 1.2 – Download Now!


SQL Power Injector is a graphical application created in .NET 1.1 that helps the penetration tester inject SQL commands into a web page.

For now it supports SQL Server, Oracle and MySQL, but it can be used with any existing DBMS when using inline injection (Normal mode).

Moreover, this application collects all the parameters you need to test for SQL injection, whether sent by GET or POST, thus avoiding the need to use several applications or a proxy to intercept the data.

The emphasis for this release is maturity, stability and reliability with secondary goals of usability, documentation and innovation.

There’s also a nifty Firefox Extension now.

One of the major improvements is an innovative way to optimize and accelerate the dichotomy (binary search) used in blind SQL injection, saving up to 25% in time and number of requests.

In addition, it is now possible to define a range list that replaces a variable (<<@>>) inside a blind SQL injection string and automatically plays each value for you. For example, that means you can get all the database names from the sysdatabases table in MS SQL without having to input the dbid each time.

Another great time saver is the new Firefox plugin, which launches SQL Power Injector with all the information of the current web page, including its session context. No more time wasted copying and pasting the session cookies after you have logged in. Of course, you can still do the easy SQL tests in your browser and use the plugin once you want to search more thoroughly.

To make your life easier, there is now a feature that finds the differences between the response to a positive condition (1=1) and the response to a negative condition (1=2) and displays the list for you.
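As an added example (not part of the original post or of SQL Power Injector), here is a defender-side check over constructed web server log lines: it flags a client that sends the positive/negative condition pair (1=1 / 1=2) against the same parameter, and a run of comparison thresholds that shrink the way a dichotomy (binary search) does. The log field layout and the trailing-threshold regex are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs
# Constructed sample log lines (Apache combined-style, abridged). One client
# sends the 1=1 / 1=2 pair and then bisects one character; the other is benign.
SAMPLE_LOG = """\
10.0.0.5 - - [05/Oct/2007:22:01:10 +0000] "GET /item.asp?id=7%20AND%201=1 HTTP/1.1" 200 5120
10.0.0.5 - - [05/Oct/2007:22:01:11 +0000] "GET /item.asp?id=7%20AND%201=2 HTTP/1.1" 200 4870
10.0.0.5 - - [05/Oct/2007:22:01:12 +0000] "GET /item.asp?id=7%20AND%20ASCII(SUBSTRING(db_name(),1,1))>64 HTTP/1.1" 200 5120
10.0.0.5 - - [05/Oct/2007:22:01:13 +0000] "GET /item.asp?id=7%20AND%20ASCII(SUBSTRING(db_name(),1,1))>96 HTTP/1.1" 200 5120
10.0.0.5 - - [05/Oct/2007:22:01:14 +0000] "GET /item.asp?id=7%20AND%20ASCII(SUBSTRING(db_name(),1,1))>112 HTTP/1.1" 200 4870
10.0.0.5 - - [05/Oct/2007:22:01:15 +0000] "GET /item.asp?id=7%20AND%20ASCII(SUBSTRING(db_name(),1,1))>104 HTTP/1.1" 200 5120
10.0.0.9 - - [05/Oct/2007:22:02:00 +0000] "GET /item.asp?id=8 HTTP/1.1" 200 5100
"""

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) [^"]*"')
TRUE_RE = re.compile(r"\b1\s*=\s*1\b")         # positive condition probe
FALSE_RE = re.compile(r"\b1\s*=\s*2\b")        # negative condition probe
THRESH_RE = re.compile(r"[<>]=?\s*(\d+)\s*$")  # trailing numeric comparison (assumed shape)

def parse(lines):
    """Yield (client, path, param, decoded value) for each query parameter."""
    for line in lines:
        if not (m := LOG_RE.match(line)):
            continue
        client, url = m.groups()
        parts = urlsplit(url)
        for name, values in parse_qs(parts.query, keep_blank_values=True).items():
            for value in values:
                yield client, parts.path, name, value

def is_bisection(thresholds):
    """True when gaps between successive thresholds shrink: the binary-search signature."""
    gaps = [abs(b - a) for a, b in zip(thresholds, thresholds[1:])]
    return len(gaps) >= 2 and all(g2 <= g1 for g1, g2 in zip(gaps, gaps[1:])) and gaps[-1] < gaps[0]

def find_blind_probing(lines, min_probes=4):
    """Flag (client, path, param) tuples showing a 1=1/1=2 pair or a bisection run."""
    seen = defaultdict(list)
    for client, path, name, value in parse(lines):
        seen[(client, path, name)].append(value)
    findings = []
    for (client, path, name), values in seen.items():
        pair = any(TRUE_RE.search(v) for v in values) and any(FALSE_RE.search(v) for v in values)
        thresholds = [int(m.group(1)) for v in values if (m := THRESH_RE.search(v))]
        bisect = len(thresholds) >= min_probes and is_bisection(thresholds)
        if pair or bisect:
            findings.append({"client": client, "path": path, "param": name,
                             "boolean_pair": pair, "bisection": bisect, "probes": len(values)})
    return findings
```

Run against a real access log, the same grouping by client, path and parameter is what separates a probing session from ordinary traffic that merely contains a stray comparison.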

The last major addition is the extensive database Help file (chm), which contains most of the information you need when performing SQL injection. It covers the 5 DBMS supported by SQL Power Injector: the system tables and views with their columns, environment variables, useful functions and stored procedures, all with notes on how to use them and why they are useful for SQL injection.

You can download the latest version here:

SQL Power Injector 1.2

Or read more here.


One Response to “Official release of SQL Power Injector 1.2 – Download Now!”

  1. dre 25 October 2007 at 11:14 pm Permalink

    I’m going to start using this FF extension instead of a lot of the command line tools I use. Thanks for the pointer!

    In the past, I’ve mostly used SQLiX from OWASP, as well as a few manual methods (mostly using Burp). If you want the latest on Overlooked SQL Injection techniques, look no further than Paul Battista, who I recently saw give this talk at ToorCon 9 in San Diego.

    Dave Aitel and jms also put together a sort of proxy fuzzer/monitor (basically an RDBMS spy) called SQL Hooker, which is certainly worth a look. I think beSTORM does something similar in their products. ImmunitySec is also working on a similar tool that would help with file monitoring to increase the intelligence behind manual or automated web application black-box security testing.