border: 1px solid #d2d2d2; padding: 0px 8px 0px 8px; color: #a19999; font-size: 12px; height: 25px; width: 165px; border-radius: 5px; -moz-border-radius: 5px; -webkit-border-radius: 5px; margin:0px; } .submitbutton{ background:#F66303; border: 1px solid #F66303; text-shadow: 1px 1px 1px #333; box-shadow: 3px 3px 3px #666; font:bold 12px Arial, sans-serif; color: #fff; height: 25px; padding: 0 12px 0 12px; margin: 0 0 0 5px; border-radius: 5px; -moz-border-radius: 5px; -webkit-border-radius: 5px; cursor:pointer;}

Receive all updates via Facebook. Just Click the Like Button Below

You can also receive Free Email Updates:

Powered By Blogger Widgets

Related Posts Plugin for WordPress, Blogger...

Friday, November 2, 2012

jSQL Injection V0.2 is a java tool for automatic database injection

An easy to use SQL injection tool for retrieving database informations from a distant server.

You can discuss about jSQL Injection on the discussion group.

jSQL Injection features:

GET, POST, header, cookie methods
normal, error based, blind, time based algorithms
automatic best algorithms detection
data retrieving progression
proxy setting
For now supports MySQL.

Running injection requires the distant server url and the name of the parameter to inject.

If you know an injection should work but the jSQL tool doesn't access the database, you can inform me by email or use the discussion group.

For a local test, you can save the following PHP code in a script named for example simulate_get.php, and use the URL in the first field of the tool, then click Connect to access the database:

    mysql_connect("localhost", "root", "");

    $result = mysql_query("SELECT * FROM my_own_table where my_own_field = {$_GET['lib']}") # time based
    or die( mysql_error() ); # error based

    if(mysql_num_rows($result)!==0) echo" true "; # blind

    while ($row = mysql_fetch_array($result, MYSQL_NUM))
        echo join(',',$row); # normal


No comments:

Post a Comment


Twitter Delicious Facebook Digg Stumbleupon Favorites More