Thursday, April 16, 2009

Released SQLSus v0.3 - MySQL injection and takeover tool

sqlsus is an open source MySQL injection and takeover tool, written in Perl.

Via a command line interface that mimics a MySQL console, you can retrieve the databases' structure, inject SQL queries, download files from the web server, upload and control a backdoor, clone the databases, and much more...

It is designed to maximize the amount of data gathered per server hit, making the best use (I can think of) of MySQL functions to optimise the available injection space.

sqlsus is focused on PHP/MySQL installations, and integrates some neat features, some of them really specific to this DBMS.

It is not, however (and won't ever be), a SQL injection scanner; it starts its job at the next step.

