Monday, August 13, 2012

BBQSQL - Blind SQL Injection Exploitation Tool

  
BBQSQL is a SQL injection framework specifically designed to be hyper fast, database agnostic, easy to setup, and easy to modify.  The tool is extremely effective at exploiting a particular type of SQL injection flaw known as blind/semi-blind SQL injection.  When doing application security assessments we often uncover SQL vulnerabilities that are difficult to exploit. 

While current tools have an enormous amount of capability, when you can’t seem to get them to work you are out of luck.  We frequently end up writing custom scripts to help aid in the tricky data extraction, but a lot of time is invested in developing, testing and debugging these scripts.  

BBQSQL helps automate the process of exploiting tricky blind SQL injection.  We developed a very easy UI to help you setup all the requirements for your particular vulnerability and provide real time configuration checking to make sure your data looks right.  On top of being easy to use, it was designed using the event driven concurrency provided by Python’s gevent.  This allows BBQSQL to run much faster than existing single/multithreaded applications. 

Download: https://github.com 


Source:  http://neohapsis.com

1 comment:

Joe said...

Thanks for the recommendation - was able to use the tool with great success. I didn't even know what blind SQL injection was until i actually read up on it, and realized I needed to protect my website from it as well - helpful reference:

Blind SQL Injection