jSQL Injection is a lightweight application used to find database information from a distant server. The tool is free, open source and cross-platform (Windows, Linux, Mac OS X, Solaris).
jSQL Injection v0.72 Released
Injection and local test
Running an injection requires the URL of a local or distant server, and the name of the parameter to inject.
For a local test, you can save the following PHP code into the file ‘simulate_get.php’ and move it to the root folder of your web server (e.g. /www), then use
http://127.0.0.1/simulate_get.php?lib=
and finally click Connect to read the local database:
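<?php
// Deliberately injectable test page, meant for the local test described above.
// It uses the legacy mysql_* extension (removed in PHP 7.0), so it needs PHP 5.x.
mysql_connect("localhost", "root", "");
mysql_select_db("my_own_database");
// The 'lib' parameter is concatenated into the query unescaped: this is the injection point.
$result = mysql_query("SELECT * FROM my_own_table where my_own_field = " . $_GET['lib']) # time based
    or die(mysql_error()); # error based
if (mysql_num_rows($result) !== 0) echo " something "; # blind
while ($row = mysql_fetch_array($result, MYSQL_NUM))
    echo join(',', $row); # normal
?>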
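For comparison, a hardened counterpart of the simulate_get.php test page, written with PDO. This is an added example, not code from jSQL Injection or from the original post; the database, table and column names are the placeholders used in the test page, and fetch_rows is a hypothetical helper name.

```php
<?php
// Added example: hardened form of the simulate_get.php test page.
// my_own_database / my_own_table / my_own_field are the test page's placeholder names.

// Hypothetical helper: runs the lookup with the value bound to a placeholder.
function fetch_rows(PDO $db, string $lib): array
{
    // The value never becomes part of the SQL text, so it cannot change the
    // query structure (this removes the normal, blind and time-based channels).
    $stmt = $db->prepare("SELECT * FROM my_own_table WHERE my_own_field = ?");
    $stmt->execute([$lib]);
    return $stmt->fetchAll(PDO::FETCH_NUM);
}

$lib = $_GET['lib'] ?? null;
if (!is_string($lib) || $lib === '') {   // rejects lib[]=... arrays and a missing value
    http_response_code(400);
    exit("missing parameter");
}

try {
    // Credentials mirror the test page; outside a lab, use a least-privilege account.
    $db = new PDO("mysql:host=localhost;dbname=my_own_database;charset=utf8mb4", "root", "", [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION, // errors become exceptions
        PDO::ATTR_EMULATE_PREPARES => false,                  // server-side prepared statements
    ]);
    $rows = fetch_rows($db, $lib);
    if (count($rows) !== 0) echo " something ";
    foreach ($rows as $row) {
        // Encode on output so stored values cannot inject markup into the page.
        echo htmlspecialchars(join(',', $row), ENT_QUOTES, 'UTF-8');
    }
} catch (PDOException $e) {
    error_log($e->getMessage());   // detail stays in the server log
    http_response_code(500);
    echo "query failed";           // generic reply: no database error text (error-based channel)
}
```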
Features:
- GET, POST, header, cookie methods
- Normal, error based, blind, time based algorithms
- Automatic best algorithm selection
- Multi-thread control (start/pause/resume/stop)
- Progression bars
- Shows URL calls
- Simple evasion
- Proxy setting
- Distant file reading
- Webshell deposit
- Terminal for webshell commands
- Configuration backup
- Update checker
- Admin page checker
- Brute forcer (md5 mysql…)
- Coder (encode decode base64 hex md5…)
- Supports MySQL