
Monday, July 11, 2011

SQL Power Injector v1.2


SQL Power Injector is an application written in .NET 1.1 that helps the penetration tester find and exploit SQL injections on a web page.

For now it is SQL Server, Oracle, MySQL, Sybase/Adaptive Server and DB2 compliant, but it can be used with any existing DBMS through the inline injection (Normal mode). In normal mode the injection string is essentially the raw SQL command that one would place in the parameter sent to the server.

While inline SQL injection is powerful in itself, the application's main strength lies in the multithreaded automation of the injection. Not only can tedious and time-consuming queries be automated, but the query can also be modified to retrieve only what you want. This is most useful for blind SQL injection, since the other ways of exploiting a SQL injection vulnerability are more verbose and much faster when the results are displayed directly on the web page (a UNION SELECT into an HTML table or a generated 500 error, for instance).

The automation can be done in two ways: by comparing the expected result or by time delay. In the first, the response to a true condition is compared against an error or against the response to a false condition; in the second, the test is positive if the delay observed from the server matches the one configured in the application.

The main effort on this application went into making it as painless as possible to find and exploit a SQL injection vulnerability without using a browser. That is why there is an integrated browser that displays the results of the injection, parameterized so that any standard SQL error is shown without the rest of the page. Of course, like many other features of this application, there are ways to parameterize the server's response to make it as talkative as possible.

Supported on Windows, Unix and Linux operating systems
SQL Server, Oracle, MySQL, Sybase/Adaptive Server and DB2 compliant
SSL support
Load automatically the parameters from a form or an IFrame on a web page (GET or POST)
Detect and browse the framesets
Option that auto detects the language of the web site
Detect and add cookies used during the Load Page process (Set-Cookie detection)
Find automatically the submit page(s), with their method (GET or POST) displayed in a different color
Can create/modify/delete loaded string and cookies parameters directly in the Datagrids
Single SQL injection
Blind SQL injection
Comparison of true and false response of the page or results in the cookie
Time delay
Response of the SQL injection in a customized browser
Can view the HTML code source of the returned page in HTML contextual colors and search in it
Fine tuning parameters and cookies injection
Can parameterize the length and count of the expected result to reduce the time the application takes to execute the SQL injection
Create/edit ASCII character presets in order to optimize the number of requests (and thus the speed) of the blind SQL injection

Multithreading (configurable up to 50)
Option to replace space by empty comments /**/ against IDS or filter detection
Automatically encode special characters before sending them
Automatically detect predefined SQL errors in the response page
Automatically detect a predefined word or sentence in the response page
Real time result
Save and load sessions in an XML file
Feature that automatically finds the differences between the response page for a positive answer and the one for a negative answer
Can create a range list that will replace the variable (<<@>>) inside a blind SQL injection string and automatically play them for you
Automatically replay a variable range with a predefined list from a text file
Firefox plugin that will launch SQL Power Injector with all the information of the current webpage with its session context (parameters and cookies)
Two integrated tools: Hex and Char encoder and MS SQL @options interpreter
Can edit the Referer
Can choose a User-Agent (or even create one in the User-Agent XML file)
Can configure the application with the settings window
Support for configurable proxies
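The automation modes described above (true/false response comparison and time delay), the multithreaded request bursts and the "replace space by /**/" evasion option all leave traces in a web server's access log. The following script is an added example, not code from the original post or from the SQL Power Injector project: it parses a few constructed Apache combined-format log lines, URL-decodes each request target, folds /**/ back to a space so the evasion does not defeat the signature, and reports which clients emitted boolean or time-delay probes, how many distinct response sizes their probes produced (two sizes from one client is the fingerprint of the compare-true-against-false mode) and their peak request rate. The log lines, IP addresses, signature regexes and the `suspicious_clients` function name are assumptions made for this example.

```python
"""Defender-side view of blind SQL injection automation: flag the probe
patterns in an access log. All sample data below is constructed."""
import re
from collections import Counter, defaultdict
from urllib.parse import unquote_plus

# Constructed Apache combined-format log lines (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [11/Jul/2011:10:00:01 +0000] "GET /item.asp?id=1 HTTP/1.1" 200 2310 "-" "Mozilla/5.0"
10.0.0.5 - - [11/Jul/2011:10:00:02 +0000] "GET /item.asp?id=1%27%20AND%201%3D1-- HTTP/1.1" 200 2310 "-" "Mozilla/5.0"
10.0.0.5 - - [11/Jul/2011:10:00:02 +0000] "GET /item.asp?id=1%27%20AND%201%3D2-- HTTP/1.1" 200 1870 "-" "Mozilla/5.0"
10.0.0.5 - - [11/Jul/2011:10:00:03 +0000] "GET /item.asp?id=1%27/**/AND/**/1%3D1-- HTTP/1.1" 200 2310 "-" "Mozilla/5.0"
10.0.0.5 - - [11/Jul/2011:10:00:09 +0000] "GET /item.asp?id=1%27%3BWAITFOR%20DELAY%20%270%3A0%3A5%27-- HTTP/1.1" 200 2310 "-" "Mozilla/5.0"
10.0.0.9 - - [11/Jul/2011:10:01:00 +0000] "GET /item.asp?id=2 HTTP/1.1" 200 2290 "-" "Mozilla/5.0"
"""

# Apache combined log format: client, identd, user, [timestamp], "request", status, bytes, ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<bytes>\S+)'
)

# Signatures (assumed for this example), applied after normalisation.
TIME_DELAY_RE = re.compile(r"\b(waitfor\s+delay|sleep\s*\(|pg_sleep\s*\(|benchmark\s*\()", re.I)
BOOLEAN_RE = re.compile(r"\b(and|or)\s+\d+\s*=\s*\d+", re.I)
COMMENT_SPACE_RE = re.compile(r"/\*\*/")


def normalise_target(target):
    """URL-decode the request target and fold the /**/ evasion back to a space."""
    return COMMENT_SPACE_RE.sub(" ", unquote_plus(target))


def classify(line):
    """Parse one log line; return a record with the probe tags it matches, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    decoded = unquote_plus(m.group("target"))
    tags = []
    if COMMENT_SPACE_RE.search(decoded):
        tags.append("comment_space_evasion")  # spaces replaced by empty comments
    norm = COMMENT_SPACE_RE.sub(" ", decoded)
    if TIME_DELAY_RE.search(norm):
        tags.append("time_delay_probe")       # time-delay automation mode
    if BOOLEAN_RE.search(norm):
        tags.append("boolean_probe")          # true/false comparison mode
    size = int(m.group("bytes")) if m.group("bytes").isdigit() else 0
    return {"ip": m.group("ip"), "ts": m.group("ts"), "target": norm,
            "bytes": size, "tags": tags}


def suspicious_clients(log_text):
    """Aggregate per client IP; return only clients with at least one probe tag."""
    per_ip = defaultdict(lambda: {"requests": 0, "tags": Counter(),
                                  "probe_sizes": set(), "per_second": Counter()})
    for line in log_text.splitlines():
        rec = classify(line)
        if rec is None:
            continue
        st = per_ip[rec["ip"]]
        st["requests"] += 1
        st["tags"].update(rec["tags"])
        st["per_second"][rec["ts"]] += 1      # burst indicator for multithreaded tools
        if rec["tags"]:
            st["probe_sizes"].add(rec["bytes"])  # differing sizes => true/false split
    report = {}
    for ip, st in per_ip.items():
        if not st["tags"]:
            continue
        report[ip] = {
            "requests": st["requests"],
            "tags": dict(st["tags"]),
            "distinct_probe_sizes": len(st["probe_sizes"]),
            "peak_requests_per_second": max(st["per_second"].values()),
        }
    return report


if __name__ == "__main__":
    for ip, info in suspicious_clients(SAMPLE_LOG).items():
        print(ip, info)
```

Folding /**/ before matching is the important design choice: the evasion option exists precisely to defeat naive space-anchored signatures, so the detector must normalise before it matches. The response-size split is a heuristic, not proof; a legitimate client can also receive pages of differing sizes, so the tags and the burst rate should be read together.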

Click here to download the tutorial

Download Version 1.2

Installation file MSI

Source code in C# and .Net 1.1

Same document as the tutorial, plus the databases "Aide Memoire" help file (chm)

Plugin Firefox (XPI Plugin Installation file)
