Full Disclosure mailing list archives
Tool release: Bsqlbf-v2
From: "Sumit Siddharth" <sumit.siddharth () gmail com>
Date: Sat, 21 Jun 2008 10:40:47 +0100
Bsqlbf V2, Blind SQL Injection Brute Forcer Bsqlbf was originally written by A. Ramos from www.514.es and was intended to exploit blind sql injection against mysql backend database. This is a modified version of the same tool. It supports blind sql injection against the following databases:- MS-SQL MY-SQL PostgreSQL Oracle It supports injection in string and integer fields. The feature which separates this tool from all other sql injection tools is that it supports custom SQL queries to be supplied with the -sql switch. It supports 2 modes of attack(-type): *Type 0*: Blind SQL Injection based on True And Flase response *Type 1*: Blind SQL Injection based on True And Error Response(details<http://www.notsosecure.com/folder2/2008/05/26/if-query-data-manipulation/> ) *Usage*: *$./bsqlbf-v2.pl -url http://192.168.1.1/injection_string_post/1.asp?p=1 -method post -match true -database 0 -sql "select top 1 name from sysobjects where xtype='U'"* *Download*: http://bsqlbf-v2.googlecode.com/files/bsqlbf-v2.1.zip Send Your feedbacks/suggestions to sid-at-notsosecure(dot)com -- Sumit Siddharth www.notsosecure.com -- Sumit Siddharth
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Tool release: Bsqlbf-v2 Sumit Siddharth (Jun 21)