[ad] SQL Power Injector is a graphical application created in .NET 1.1 that helps the penetrating tester to inject SQL commands on a web page. For now it is SQL Server, Oracle and MySQL compliant, but it is possible to use it with any existing DBMS when using the inline injection (Normal mode). Moreover this […]
sql-injection
w3af – Web Application Attack and Audit Framework
[ad] A pretty cool tool was released a while back called w3af ( Web Application Attack and Audit Framework ), a fully automated auditing and exploiting framework for the web. This framework has been in development for almost a year and has the following features: Audit SQL injection detection XSS detection SSI detection Local file […]
mssql-hax0r v0.9 – Multi-purpose MS-SQL injection script
[ad] mssql-hax0r v0.9 is a Multi-purpose MS-SQL injection attack tool for advanced Microsoft SQL Server exploitation. Three modes of operation are currently available: info (Information Gathering), dump (Record Dump), and brute (Brute Force). You may need to tweak the code a bit to make it fit your needs (i.e. modifying the injection string and/or the […]
FG-Injector – SQL Injection & Proxy Tool
FG-Injector Framework is a set of tools designed to help find SQL injection vulnerabilities in web applications, and help the analyst assess their severity. It includes a powerful proxy feature for intercepting and modifying HTTP requests, and an inference engine for automating SQL injection exploitation. Often web developers think that by disabling error messages in […]
sqlget v1.0.0 – Blind SQL Injection Tool in PERL
sqlget is a blind SQL injection tool developed in Perl, it lets you get databases schemas and tables rows. Using a single GET/POST you can access quietly the database structure and using a single GET/POST you can dump every table row to a csv-like file. Databases supported: IBM DB2 Microsoft SQL Server Oracle Postgres Mysql […]