[ad]
SQL Power Injector is a graphical application created in .NET 1.1 that helps the penetrating tester to inject SQL commands on a web page.
For now it is SQL Server, Oracle and MySQL compliant, but it is possible to use it with any existing DBMS when using the inline injection (Normal mode).
Moreover this application will get all the parameters you need to test the SQL injection, either by GET or POST method, avoiding thus the need to use several applications or a proxy to intercept the data.
The emphasis for this release is maturity, stability and reliability with secondary goals of usability, documentation and innovation.
There’s also a nifty Firefox Extension now.
One of the major improvements is an innovative way to optimize and accelerate the dichotomy in the Blind SQL injection, saving time/number of requests up to 25%.
Added to this it’s now possible to define a range list that will replace a variable (<<@>>) inside a blind SQL injection string and automatically play them for you. That means you can get all the database names from the sysdatabases table in MS SQL without having to input the dbid each time for example.
Also another great time saver is a new Firefox plugin that will launch SQL Power Injector with all the information of the current webpage with its session context. No more time wasted to copy paste the session cookies after you logged… And of course you can make the easy SQL tests in your browser and you use the plugin once you want to search more thoroughly.
To make your life easier there is now a new feature that will search the diff between a positive condition (1=1) response with a negative condition (1=2) and display the list for you.
Last major addition is the extensive databases Help file (chm) that contains most of the information you need when you SQL inject. It covers the 5 DBMS supported by SQL Power Injector. You can find in it the system tables and views with their columns, environment variables, the useful functions and stored procedures. All this with some notes to how to use them and why it’s useful for SQL injection.
You can download the latest version here:
Or read more here.
dre says
i’m going to start using this FF extension instead of a lot of the command line tools I use. Thanks for the pointer!
in the past, i’ve mostly used SQLiX from owasp, as well as a few manual methods (mostly using Burp). if you want the latest on Overlooked SQL Injection techniques, look no further than Paul Battista, who i recently saw give this talk at toorcon 9 in san diego.
dave aitel and jms also put together a sort of proxy fuzzer/monitor (basically an RDBMS spy) called SQL Hooker, which is certainly worth a look at. i think bestorm does something similar in their products. immunitysec is also working on a similar tool that would help with file monitoring to increase the intelligence behind manual or automated web application black-box security testing