sqlget is a blind SQL injection tool developed in Perl, it lets you get databases schemas and tables rows. Using a single GET/POST you can access quietly the database structure and using a single GET/POST you can dump every table row to a csv-like file.
Databases supported:
- IBM DB2
- Microsoft SQL Server
- Oracle
- Postgres
- Mysql
- IBM Informix
- Sybase
- Hsqldb
- Mime
- Pervasive
- Virtuoso
- SQLite
- Interbase/Yaffil/Firebird (Borland)
- H2
- Mckoi
- Ingres
- MonetDB
- MaxDB
- ThinkSQL
- SQLBase
Evasion features:
- Full-width/Half-width Unicode encoding
- Apache non standard CR bypass
- mod_security bypass
- Random uppercase request transform
- PHP Magicquotes: encode every string using db CHR function or similar.
- Convert requests to hexadecimal values
- Avoid non-space replacing for /**/ or (\t) tab
- Avoid non || or + concatenation using db concat function or similar.
- Random user-agent
- Random proxy-server
- Random delay request
Common features:
- Database schemate download blacklist
- Cookie array support
- SSL support
- Proxy server support
- Database information dumped in csv format
You can find a demo here bypassing IBM ISS Proventia IPS:
ISR sqlget ISS Proventia Bypass
And you can download sqlget here:
Or read more here.
gyaresu says
Lovely. Another fine toy to play with.
Thanks Chap(s/ettes).
Darknet says
Yah I like the evasion features of this one, you can really tell it’s written by a pen-tester :)
No chapettes here tho heh.
gyaresu says
One must not assume.
Again the flash example is quite instructive. Great for just jumping in and having a bash. The README contains plenty of info also.
The flash player it’s running in is also good. Not having a complete mental when you drag it fore & back in time. Some of them are rubbish.
backbone says
well it sounds promising, I’ll have to try it out….
SN says
I am going to check this out. Let’s see if it crashes my site.
Sandeep Nain says
seems to be a good tool with such a long list of supported databases. ill check this one out..
Sandeep Nain says
Hi Guys
anybody tried this out? I did but sorry to say that I didnt find it much impressive. although it offers a great database support and some nice features such as proxy server supoort and ssl support.
But i found OWASP sqlix better than this. better results…
let me know if your opinion differs from me…
backbone says
I didn’t even succeed with the compilation of it :-\