Monday 24 January 2011

download SqlInjector v.1.0.2 | blind SQL injection tool

download SqlInjector v.1.0.2 
blind SQL injection tool

SQLInjector is a tool to perform blind SQL injection in a website. This version only supports MS SQL Server. It uses time based inference to determine true or false conditions to extract data. The key feature is that it uses a binary search mechanism to reduce the character search address space, this means it can get each character value within 7 to 8 requests. 

This is a fairly major update to SqlInjector (yes renamed from BlindSqlInjector). The key change is the addition of true/false inference. So if you have SQLi then its definitely faster to use true/false inference rather than time. 

Its features are:
  • Ability to export data
  • Binary search for faster character identification
  • Completely blind injection using time based inference
  • True/False inference
  • Supports MS SQL Server
  • Extracts database name
  • Extracts current user
  • Extracts server version
  • Extracts table names
  • Extracts column names
  • Extracts column data types
  • Extracts column lengths
  • Configurable space encoding
  • Configurable wait timing
  • Tree view display of enumerated data
  • Resume support
  • Save/Loading of project files
  • Proxy support
  • Authentication support (Basic, Negotiate, Digest, NTLM, X509)

Download Here

No comments:

Post a Comment