Sunday, May 9, 2010

Sqlninja 0.2.5 released

SQL Server injection & takeover tool

Sqlninja is a tool to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end.Its main goal is to provide an interactive access on the vulnerable DB server,even in a very hostile environment. It should be used by penetration testers to help and automate the process of taking over a DB Server when a SQL Injection vulnerability has been discovered. It is written in Perl,it is released under the GPLv2 and so far has been successfully

What's new :
# Proxy support (it was about time!)
# No more 64k bytes limit in upload mode
# Upload mode is also massively faster
# Privilege escalation through token kidnapping (kudos to Cesar Cerrudo)
# Other minor improvements


No comments: