Penetration Testing mailing list archives
sqlsus 0.2 released !
From: sativouf <sativouf () gmail com>
Date: Wed, 04 Mar 2009 22:09:21 +0000
Hello,

A new version of sqlsus has been released and is available at http://sqlsus.sf.net/

You will find on the website a description of the features, along with some documentation and flash demos showing how the tool can be used.

sqlsus is a MySQL injection and takeover tool, written in perl. Via a command line interface that mimics a mysql console, you can retrieve the database structure, inject a SQL query, download files from the web server, upload and control a backdoor, and much more...

It is designed to maximize the amount of data gathered per web server hit, making the best use (I can think of) of MySQL functions to optimize the available injection space.

sqlsus is focused on PHP/MySQL installations, and already integrates some neat features, some of which are really specific to this DBMS. It is not and won't ever be a SQL injection scanner, it starts its job on the next step.

I have lots of ideas for sqlsus improvements, all I need is time, and feedback :)

The code is really young (and quite dirty), so I have no doubt there are lots of bugs waiting to be found (and fixed). Anyway, so far it has been working pretty well for me, and I hope you will find this tool useful.

Download and enjoy :)

- sativouf