Automatic SQL Database Injection - jSQL Injection

jSQL Injection is a lightweight application used to find database information from a distant server. Tool is free, open source and cross-platform (Windows, Linux, Mac OS X, Solaris).

jSQL Injection v0.72 Released

Injection and local test

Running injection requires the URL of a local or distant server, and the name of parameter to inject.
For a local test, you can save the following PHP code into file ‘simulate_get.php’ and move it to the root folder of your web server (e.g /www), then use

http://127.0.0.1/simulate_get.php?lib=


and finally click Connect to read the local database:

<?php

    mysql_connect("localhost","root","");

    mysql_select_db("my_own_database");

    $result = mysql_query("SELECT * FROM my_own_table where my_own_field = ". $_GET['lib'])# time based

        ordie( mysql_error());# error based

    if( mysql_num_rows($result)!==0) echo " something ";# blind

    while( $row = mysql_fetch_array($result, MYSQL_NUM))

        echo join(',',$row);# normal?>

Features:

ºGET, POST, header, cookie methods
ºNormal, error based, blind, time based algorithms
ºAutomatic best algorithm selection
ºMulti-thread control (start/pause/resume/stop)
ºProgression bars
ºShows URL calls
ºSimple evasion
ºProxy setting
ºDistant file reading
ºWebshell deposit
ºTerminal for webshell commands
ºConfiguration backup
ºUpdate checker
ºAdmin page checker
ºBrute forcer (md5 mysql…)
ºCoder (encode decode base64 hex md5…)
ºSupports MySQL

Download  jSQL Injection