This perl script allows extraction of data from Blind SQL Injections. It accepts custom SQL queries as a command line parameter and it works for both integer and string based injections.
We reported bsqlbf when it first hit the net back in April 2006 with bsqlbf v1.1, then the v2.0 update in June 2008. This new [...]
Pangolin is an automatic SQL injection penetration testing tool developed by NOSEC. Its goal is to detect and take advantage of SQL injection vulnerabilities on web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management [...]
WITOOL is an graphical based SQL Injection Tool written in dotNET.
- For SQL Server, Oracle
- Error Base and Union Base
Interface
Features
Retrieve schema : DB/TableSpace, Table, Column, other object
Retrieve data : retrive paging, dump xml file
Log : View the raw data HTTP log
Environment
OS: Windows 2000/XP/VISTA
Requirement: Microsoft .NET(2.0) Library (Download Here).
You can download WITOOL v0.1 here:
WITOOL_V0.1_081231.zip
Or read more [...]
