Portcullis Labs » SID
https://labs.portcullis.co.uk
Research and Development

OWASP AU 2009 Slides
https://labs.portcullis.co.uk/presentations/owasp-au-2009-slides/
Fri, 26 Apr 2013 18:00:30 +0000

Slides from OWASP Appsec Australia 2009.

The post OWASP AU 2009 Slides appeared first on Portcullis Labs.

BSQL Brute Forcer V2
https://labs.portcullis.co.uk/tools/bsql-brute-forcer/
Fri, 26 Apr 2013 18:59:28 +0000

The post BSQL Brute Forcer V2 appeared first on Portcullis Labs.

Updated version of the Blind SQL Injection Brute Forcer from www.514.es. It works against PostgreSQL, MySQL, MSSQL and Oracle and supports custom SQL queries.

Key features

This is a modified version of ‘bsqlbfv1.2-th.pl’. This Perl script allows extraction of data from Blind SQL Injections. It accepts custom SQL queries as a command-line parameter and works for both integer-based and string-based injections.

Databases supported:

  • MS-SQL
  • MySQL
  • Postgres
  • Oracle

Overview

The tool supports 2 attack modes (-type switch):

Type 0: Blind SQL Injection based on true and false conditions returned by the back-end server.
Type 1: Blind SQL Injection based on true and error (e.g. syntax error) conditions returned by the back-end server.

Examples

$ ./bsqlbf-v2.pl -url http://192.168.1.1/injection_string_post/1.asp?p=1 -method post -match true -database 0 -sql "select top 1 name from sysobjects where xtype='U'"
Download: bsqlbfv2.zip (April 26, 2013; 7.4 KiB)
MD5 hash: e8246b7bc2211618424867be3a58b5f4
