Waraxe IT Security Portal

hadi85 · Beginner

Havij v1.13 Advanced SQL Injection Tool released. New features of this version are:

* Oracle error based database added with ability to execute query.
* Getting tables and column when database name is unknown added (mysql)
* Another method added for finding columns count and string column in PostgreSQL
* Automatic keyword finder optimized and some bugs fixed.
* A bug in finding valid string column in mysql fixed.
* 'Key is not unique' bug fixed
* Getting data starts from row 2 when All in One fails - bug fixed
* Run time error when finding keyword fixed.
* False table finding in access fixed.
* keyword correction method made better
* A bug in getting current data base in mssql fixed.
* A secondary method added when input value doesn't return a normal page (usually 404 not found)
* Data extraction bug in html-encoded pages fixed.
* String or integer type detection made better.
* A bug in https injection fixed.

Info : http://itsecteam.com/en/projects/project1.htm
Havij v1.13 Free : http://itsecteam.com/files/havij/Havij1.13Free.rar
Help : http://itsecteam.com/files/havij/havij_help-english.pdf

tsabitah · Valuable expert

good information

FreeSoftware · Beginner

Now, FREE
Havij_1.15_Pro_Patch_2012

Havij is an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page.
It can take advantage of a vulnerable web application. By using this software user can perform back-end database fingerprint, retrieve DBMS users and password hashes, dump tables and columns, fetching data from the database, running SQL statements and even accessing the underlying file system and executing commands on the operating system.
The power of Havij that makes it different from similar tools is its injection methods. The success rate is more than 95% at injectiong vulnerable targets using Havij.
The user friendly GUI (Graphical User Interface) of Havij and automated settings and detections makes it easy to use for everyone even amateur users.

What's New?

Webknight WAF bypass added.
Bypassing mod_security made better
Unicode support added
A new method for tables/columns extraction in mssql
Continuing previous tables/columns extraction made available
Custom replacement added to the settings
Default injection value added to the settings (when using %Inject_Here%)
Table and column prefix added for blind injections
Custom table and column list added.
Custom time out added.
A new md5 cracker site added
bugfix: a bug releating to SELECT command
bugfix: finding string column
bugfix: getting multi column data in mssql
bugfix: finding mysql column count
bugfix: wrong syntax in injection string type in MsAccess
bugfix: false positive results was removed
bugfix: data extraction in url-encoded pages
bugfix: loading saved projects
bugfix: some errors in data extraction in mssql fixed.
bugfix: a bug in MsAccess when guessing tables and columns
bugfix: a bug when using proxy
bugfix: enabling remote desktop bug in windows server 2008 (thanks to pegasus315)
bugfix: false positive in finding columns count
bugfix: when mssql error based method failed
bugfix: a bug in saving data
bugfix: Oracle and PostgreSQL detection

Download Links:

http://www.multiupload.com/22MTCIGFV0
http://www.4shared.com/rar/2GQlODvk/Havij_115_Pro_Patch_2012.html
http://www.mediafire.com/?7aq6c2nse30s6j1

Enjoy...