BBQSQL is a SQL injection framework specifically designed to be hyper fast, database agnostic, easy to set up, and easy to modify. The tool is extremely effective at exploiting a particular type of SQL injection flaw known as blind/semi-blind SQL injection. When doing application security assessments we often uncover SQL vulnerabilities that are difficult to exploit. While current tools have an enormous amount of capability, when you can’t seem to get them to work you are out of luck. We frequently end up writing custom scripts to help with the tricky data extraction, but a lot of time is invested in developing, testing and debugging these scripts.
BBQSQL helps automate the process of exploiting tricky blind SQL injection. We developed a very easy UI to help you set up all the requirements for your particular vulnerability and provide real-time configuration checking to make sure your data looks right. On top of being easy to use, it was designed using the event-driven concurrency provided by Python’s gevent. This allows BBQSQL to run much faster than existing single-threaded or multithreaded applications.