Tuesday, July 5, 2011

Sqlninja v.0.2.6-rc1 Released

Sqlninja is a tool targeted to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end.Sqlninja is written in Perl and should run on any UNIX based platform with a Perl interpreter, as long as all needed modules have been installed. So far it has been successfully tested on:
.Mac OS X

It is basically an official release with all the new features that have been in the SVN for a while (most of them for almost 1 year, ouch). More specifically:

.ICMP-based shell
.CVE-2010-0232 support to escalate the sqlsrvr.exe process to SYSTEM (greetz Tavis)
.Header-based injection support

Download: http://sqlninja.sourceforge.net

No comments: