|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 75
Members: 0
Total: 75
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
I need SQL Injection Exploit tool |
|
Posted: Sun Feb 05, 2006 3:27 am |
|
|
yak |
Beginner |
|
|
Joined: Feb 05, 2006 |
Posts: 1 |
|
|
|
|
|
|
|
Hi everyone,
I need a tool that can exploit SQL Injection websites and download their databases to my PC. I need it very much. I tried many tools before but not success
Would you pls share me that tool?
Thanks a lot. |
|
|
|
|
|
Re: I need SQL Injection Exploit tool |
|
Posted: Wed Mar 22, 2006 11:07 pm |
|
|
nooob |
Beginner |
|
|
Joined: Mar 23, 2006 |
Posts: 2 |
|
|
|
|
|
|
|
|
|
|
|
Posted: Thu Mar 23, 2006 1:00 am |
|
|
waraxe |
Site admin |
|
|
Joined: May 11, 2004 |
Posts: 2407 |
Location: Estonia, Tartu |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Posted: Sat Apr 15, 2006 10:02 pm |
|
|
Indiction |
Regular user |
|
|
Joined: Apr 12, 2006 |
Posts: 11 |
|
|
|
|
|
|
|
basic perl script for injection
Code: |
#!/etc/bin/perl
# replace this line with #!C:\Perl\bin\perl on a Windows system
# provided AS-IS, no warranty, expressed or implied
# this program is completely in the public domain: you can modify it at will
# with Windows, use ActivePerl www.activestate.com
# UNIX should already have it preinstalled
use IO::Socket;
if(@ARGV < 3)
{
die "usage: perl sqlinj.pl server path string\n";
}
$server = $ARGV[0];
$path = $ARGV[1];
$string = $ARGV[2];
# this method uses GET
$sock = IO::Socket::INET->new(Proto => 'tcp', PeerAddr => "$server", PeerPort => 80) or die "could not connect to the server: $!\n";
$inject = sprintf("%s?%s", $path, $string);
print $sock "GET $inject HTTP/1.1\n"
print $sock "User-Agent: sqlinj.pl/1.0 (Windows NT 5.1; U; en)\n"; # feel free to change if not WinXP
print $sock "Host: www.$server\n";
print $sock "Accept: */*\n";
print $sock "Connection: close\n\n";
while($data = <$sock>)
{
print "$data";
}
print "\n[output complete.]\n";
|
|
|
|
|
|
|
|
|
|
Posted: Sat May 13, 2006 2:01 pm |
|
|
julia |
Beginner |
|
|
Joined: May 13, 2006 |
Posts: 2 |
|
|
|
|
|
|
|
Indiction wrote: | basic perl script for injection
Code: | [... Too long to quote ...] |
|
There is an error:
Code: | C:\Borland\BCC55_2\Include>perl C:\***\sql_injector.pl
syntax error at C:\***\sql_injector.pl line 25, near "print"
Execution of C:\***\sql_injector.pl aborted due to compilation erro
rs. |
??? |
|
|
|
|
|
|
|
|
Posted: Sat May 13, 2006 2:17 pm |
|
|
waraxe |
Site admin |
|
|
Joined: May 11, 2004 |
Posts: 2407 |
Location: Estonia, Tartu |
|
|
|
|
|
|
First, I suggest to use ActivePerl on Windows platform:
http://www.activestate.com/Products/ActivePerl/?mp=1
Second, looking @ this perl script, it seems useless for me. Just empty container for GET request. No functionality at all.
Third - UserAgent string like "User-Agent: sqlinj.pl/1.0 (Windows NT 5.1; U; en)" is very bad practice. Just emulate IE or firefox, so server logs are cleaner after attacking.
Fourth - I suggest to try POST and/or COOKIE attack vectors in case of php based target. Becasue in this way web server will not log attack attempt details at all (in most cases). |
|
|
|
|
Posted: Wed May 17, 2006 12:26 am |
|
|
trace |
Regular user |
|
|
Joined: May 17, 2006 |
Posts: 8 |
|
|
|
|
|
|
|
I have some tools have to do with SQLinjector,but those writen by chinaese. |
|
|
|
|
www.waraxe.us Forum Index -> Sql injection
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|