download
- bsqlbfV2
MD5: E8246B7BC2211618424867BE3A58B5F4
SHA1: B96B9708FA9AE4FB3C7018198C1F0CE42015940C
BSQL brute forcer V2
This is a modified version of 'bsqlbfv1.2-th.pl'. This Perl script extracts data through blind SQL injection. It accepts custom SQL queries as a command-line parameter and works for both integer-based and string-based injections. Supported databases:
0. MS-SQL
1. MySQL
2. Postgres
3. Oracle
The tool supports two attack modes (-type switch):
Type 0: Blind SQL injection based on true and false conditions returned by the back-end server.
Type 1: Blind SQL injection based on true and error (e.g. syntax error) returned by the back-end server.
Usage example:
$ ./bsqlbf-v2.pl -url http://192.168.1.1/injection_string_post/1.asp?p=1 -method post -match true -database 0 -sql "select top 1 name from sysobjects where xtype='U'"
Last Updated: 18/06/2008 12:21:58
Related Applications
- Apache Users: Enumerate the usernames on any system that uses Apache and the UserDir module.
- BSQL Hacker: BSQL (Blind SQL) Hacker is an automated SQL Injection Framework / Tool designed to exploit SQL injection vulnerabilities in virtually any database.
- Deep Blind SQL Injection: Deep Blind SQL Injection is a new way to exploit Blind SQL Injections with a 66% reduction in the number of requests.
- DoS Attacks Using SQL Wildcards: This paper discusses abusing Microsoft SQL Query wildcards to consume CPU in database servers. This can be achieved using only the search field present in most common web applications.
- enum4linux: A Linux alternative to enum.exe for enumerating data from Windows and Samba hosts.
- Flash Security
- GUI Access Through SQL Injection
- hoppy: HTTP options prober and information disclosure scanner

