Monday, May 25, 2009

bsqlbf-v2 Released

Blind Sql Injection Brute Forcer version 2
This is a modified version of 'bsqlbfv1.2-th.pl'. This perl script allows extraction of data from Blind SQL Injections. It accepts custom SQL queries as a command line parameter and it works for both integer and string based injections. Databases supported:

0. MS-SQL

1. MySQL

2. PostgreSQL

3. Oracle

The tool supports 6 attack modes(-type switch):-
Type 0: Blind SQL Injection based on true and false conditions returned by back-end server

Type 1: Blind SQL Injection based on true and error(e.g syntax error) returned by back-end server.

Type 2: Blind SQL Injection in "order by" and "group by".

Type 3: extracting data with SYS privileges (ORACLE dbms_export_extension exploit)

Type 4: is O.S code execution (ORACLE dbms_export_extension exploit)

Type 5: is reading files (ORACLE dbms_export_extension exploit, based on java)

Download

No comments: