Penetration Testing mailing list archives

Official release of SQL Power Injector v1.0


From: "Francois Larouche" <larouche_francois () hotmail com>
Date: Mon, 13 Feb 2006 17:57:22 +0000

Greetings list,

I have the pleasure to announce that SQL Power Injector is now officially available on my web site:

www.sqlpowerinjector.com

Here are some details about the application (more details can be found on the web site):

INTRODUCTION
============

SQL Power Injector is a graphical application created in .NET 1.1 that helps the penetration tester to inject SQL commands on a web page.

For now it is SQL Server, Oracle and MySQL compliant, but it is possible to use it with any existing DBMS when using the inline injection (Normal mode).

Moreover this application will get all the parameters you need to test the SQL injection, either by GET or POST method, avoiding thus the need to use several applications or a proxy to intercept the data.

FEATURES
=======

•       Supported on Windows, Unix and Linux operating systems
•       SQL Server, Oracle and MySQL compliant
•       Load automatically the parameters on a web page (GET or POST)
•       Find automatically the submit page
•       Single SQL injection
•       Blind SQL injection
        o       Comparison of true and false response of the page or results in the cookie
        o       Time delay
•       Response of the SQL injection in a customized browser
•       Fine tuning parameters injection
•       Can parameterize the size of the length and count of the expected result to optimize the time taken by the application to execute the SQL injection
•       Multithreading
•       Option to replace space by empty comments /**/ against IDS or filter detection
•       Automatically encode special characters before sending them
•       Automatically detect predefined SQL errors in the response page
•       Automatically detect a predefined word or sentence in the response page
•       Real time result
•       Possibility to inject an authentication cookie
•       Can view the HTML code source of the returned page
•       Detect automatically generic SQL error in the returned page

SUMMARY OF THE DIFFERENCES WITH THE OTHER EXISTING TOOLS
===========================================

•       Fine tuning parameters SQL injection
•       Time delay feature
•       Multithread feature
•       Response results in a customized browser

LICENSE
=====

Clarified Artistic License


