Message-ID: <469BB3A1.4080506@sqlpowerinjector.com>
Date: Mon, 16 Jul 2007 11:06:25 -0700
From: Francois Larouche <francois.larouche-ml@...powerinjector.com>
To: bugtraq@...urityfocus.com
Subject: Official release of SQL Power Injector 1.2

Greetings list,

I have the pleasure to announce that a new version of SQL Power Injector 
is now officially available on my web site:

www.sqlpowerinjector.com

This time, as with the last version, I emphasized maturity, stability and 
reliability. I also emphasized usability, documentation and innovation.

One of the major improvements is an innovative way to optimize and 
accelerate the dichotomy in blind SQL injection, saving up to 25% of the 
time/number of requests.

Added to this, it is now possible to define a range list that will replace 
a variable (<<@>>) inside a blind SQL injection string and automatically 
play the values for you. That means, for example, that you can get all the 
database names from the sysdatabases table in MS SQL without having to 
input the dbid each time.

Another great time saver is a new Firefox plugin that will launch 
SQL Power Injector with all the information of the current webpage and 
its session context. No more time wasted copying and pasting the session 
cookies after you have logged in... And of course you can make the easy 
SQL tests in your browser and use the plugin once you want to search 
more thoroughly.

To make your life easier there is now a new feature that will search for 
the differences between a positive condition (1=1) response and a negative 
condition (1=2) response and display the list for you.

The last major addition is the extensive database Help file (chm) that 
contains most of the information you need when you SQL inject. It covers 
the 5 DBMS supported by SQL Power Injector. In it you can find the 
system tables and views with their columns, the environment variables, the 
useful functions and the stored procedures. All this comes with some notes 
on how to use them and why they are useful for SQL injection.

But of course, it's more than that, as you will see in the list of 
new features.

* Now supports the DB2 database
* Can create/edit ASCII character presets in order to optimize the number 
of requests/speed of the blind SQL injection
* Can make the blind SQL injection case insensitive (useful with 
characters preset)
* New feature that will find the differences between the response page 
of a positive answer and a negative one
* Created a Firefox Plugin that will launch SQL Power Injector with all 
the current page context (string parameters and cookies)
* Created an extensive documentation used as a database "Aide Memoire" 
that contains information related to SQL injection for each supported 
DBMS (system tables (with their column names and description), 
environment and session variables, functions, dangerous stored procs, 
etc.)
* Can create a range list that will replace the variable (<<@>>) inside 
a blind SQL injection string and automatically play them for you
* Automatic replay of a variable range with a predefined list from a 
text file
* New management console for Cookies used for the Load Page process
* Detect and add Cookies used during the Load Page process (Set-Cookie 
detection)
* Improved the User Interface to display contextual information (normal 
vs blind mode)
* New Datagrid has been added with the Cookies information, which can be 
injected in the same fashion as the string parameters
* Improved the accuracy and reliability of the blind SQL injection 
results (if a character cannot be found it is replaced by the sun char (¤))
* Can edit the Referer
* View source now displays HTML in colors and can be customized in an XML 
file
* Can search in the View source
* Can choose a User-Agent from the menu (and even add new ones in the 
XML file)
* Threads are better managed and it is now possible to raise their number 
to whatever you wish (50 max in the application, but this can be changed 
in the source code)
* Can configure the application settings
* Support configurable proxies
* With SQL Server it is possible to use the TOP keyword
* Takes into account the syntax differences between MySQL 4.1.0 and lower 
and higher versions in the database list
* Various things redesigned and quality improvements
* Two integrated tools: Hex and Char encoder and MS SQL @options 
interpreter
* Problems when there is a Form tag inside another one (Bug fix)
* Bug with multi threads with cookies (Bug fix)

For those who don't know what SQL Power Injector is, you will find below
some details about the application (more details can be found on the web
site):

INTRODUCTION
============

SQL Power Injector is a graphical application created in .Net 1.1 that
helps the penetration tester to inject SQL commands on a web page.

For now it is SQL Server, Oracle and MySQL compliant, but it is possible 
to use it with any existing DBMS when using the inline injection (Normal
mode).

Moreover, this application will get all the parameters you need to test 
the SQL injection, either by GET or POST method, thus avoiding the need 
to use several applications or a proxy to intercept the data.

FEATURES
========

* Supported on Windows, Unix and Linux operating systems
* SQL Server, Oracle, MySQL, Sybase/Adaptive Server and DB2 compliant
* SSL support
* Automatically loads the parameters from a form or an IFrame on a web 
page (GET or POST)
* Detect and browse the framesets
* Option that auto detects the language of the web site
* Detect and add cookies used during the Load Page process (Set-Cookie 
detection)
* Automatically finds the submit page(s) with their method (GET or POST), 
displayed in a different color
* Can create/modify/delete loaded string and cookies parameters directly 
in the Datagrids
* Single SQL injection
* Blind SQL injection
    - Comparison of true and false response of the page or results in 
the cookie
    - Time delay
* Response of the SQL injection in a customized browser
* Can view the HTML code source of the returned page in HTML contextual 
colors and search in it
* Fine tuning parameters and cookies injection
* Can set the length and count of the expected result to optimize the 
time taken by the application to execute the SQL injection
* Create/edit ASCII character presets in order to optimize the number of 
requests/speed of the blind SQL injection
* Multithreading (configurable up to 50)
* Option to replace spaces with empty comments (/**/) against IDS or 
filter detection
* Automatically encode special characters before sending them
* Automatically detect predefined SQL errors in the response page
* Automatically detect a predefined word or sentence in the response page
* Real time result
* Save and load sessions in an XML file
* Feature that automatically finds the differences between the response 
page of a positive answer and a negative one
* Can create a range list that will replace the variable (<<@>>) inside 
a blind SQL injection string and automatically play them for you
* Automatic replay of a variable range with a predefined list from a 
text file
* Firefox plugin that will launch SQL Power Injector with all the 
information of the current webpage with its session context (parameters 
and cookies)
* Two integrated tools: Hex and Char encoder and MS SQL @options 
interpreter
* Can edit the Referer
* Can choose a User-Agent (or even create one in the User-Agent XML file)
* Can configure the application with the settings window
* Support configurable proxies
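The blind SQL injection features listed above (true/false response comparison, time delay, the positive/negative difference finder, and the option to replace spaces with /**/) all leave a recognizable footprint in a web server's access log. The following is an added example, not part of SQL Power Injector or its author's code: a small log analyser that parses Apache "combined" log lines, matches each request against those patterns, and flags a client that either sends several such requests or sends a true and a false condition against the same URL and gets back responses of different sizes. The log lines are constructed for the example; the signature list and the threshold are assumptions a real deployment would tune.

```python
"""Flag blind SQL injection probing in web server access logs (added example)."""
import re
from collections import Counter, defaultdict
from urllib.parse import unquote_plus

# Apache "combined" log format: client, timestamp, request line, status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3}) (?P<size>\S+)'
)

# Patterns matched against the URL-decoded request path (assumed signatures).
SIGNATURES = {
    "boolean_condition": re.compile(r"\b(?:and|or)\s+(\d+)\s*=\s*(\d+)", re.I),
    "char_inference": re.compile(r"\b(?:ascii|substring|substr|mid|char)\s*\(", re.I),
    "time_delay": re.compile(
        r"\bwaitfor\s+delay\b|\bsleep\s*\(|\bbenchmark\s*\(|\bpg_sleep\s*\(", re.I
    ),
}

# Constructed sample traffic (not real logs): one benign client, one probing.
SAMPLE_LOG = """\
198.51.100.7 - - [16/Jul/2007:11:06:25 -0700] "GET /products.asp?id=12 HTTP/1.1" 200 5123 "-" "Mozilla/4.0"
203.0.113.9 - - [16/Jul/2007:11:06:26 -0700] "GET /products.asp?id=12%20AND%201=1 HTTP/1.1" 200 5123 "-" "Mozilla/4.0"
203.0.113.9 - - [16/Jul/2007:11:06:26 -0700] "GET /products.asp?id=12%20AND%201=2 HTTP/1.1" 200 4870 "-" "Mozilla/4.0"
203.0.113.9 - - [16/Jul/2007:11:06:27 -0700] "GET /products.asp?id=12%20AND%20ASCII(SUBSTRING(name,1,1))>77 HTTP/1.1" 200 5123 "-" "Mozilla/4.0"
203.0.113.9 - - [16/Jul/2007:11:06:27 -0700] "GET /products.asp?id=12%20AND%20ASCII(SUBSTRING(name,1,1))>102 HTTP/1.1" 200 4870 "-" "Mozilla/4.0"
203.0.113.9 - - [16/Jul/2007:11:06:28 -0700] "GET /products.asp?id=12;WAITFOR/**/DELAY/**/'0:0:5' HTTP/1.1" 200 5123 "-" "Mozilla/4.0"
198.51.100.7 - - [16/Jul/2007:11:06:29 -0700] "GET /search.asp?q=1%3D1+is+true HTTP/1.1" 200 812 "-" "Mozilla/4.0"
"""


def parse_line(line):
    """Return the fields of one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["size"] = int(rec["size"]) if rec["size"].isdigit() else 0
    return rec


def classify_request(path):
    """Return the set of signature labels that fire on a request path."""
    decoded = unquote_plus(path)
    labels = set()
    if "/**/" in decoded:
        labels.add("comment_whitespace")
    cleaned = decoded.replace("/**/", " ")  # undo the comment-for-space trick
    for label, pattern in SIGNATURES.items():
        if pattern.search(cleaned):
            labels.add(label)
    return labels


def analyse(log_text, threshold=3):
    """Aggregate per-client findings.

    A client is 'suspicious' when at least `threshold` of its requests carry a
    signature, or when it sent a true and a false condition against the same
    URL prefix and got responses of different sizes: the positive/negative
    difference a blind injection tool relies on.
    """
    per_ip = defaultdict(lambda: {"requests": 0, "hits": 0,
                                  "labels": Counter(), "oracle": {}})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        stats = per_ip[rec["ip"]]
        stats["requests"] += 1
        labels = classify_request(rec["path"])
        if labels:
            stats["hits"] += 1
            stats["labels"].update(labels)
        cleaned = unquote_plus(rec["path"]).replace("/**/", " ")
        m = SIGNATURES["boolean_condition"].search(cleaned)
        if m:
            # Key on the request up to the condition; remember the response
            # size seen for a true (1=1) and for a false (1=2) condition.
            truth = m.group(1) == m.group(2)
            stats["oracle"].setdefault(cleaned[:m.start()], {})[truth] = rec["size"]

    findings = {}
    for ip, stats in per_ip.items():
        confirmed = any(
            True in sizes and False in sizes and sizes[True] != sizes[False]
            for sizes in stats["oracle"].values()
        )
        findings[ip] = {
            "requests": stats["requests"],
            "hits": stats["hits"],
            "labels": dict(stats["labels"]),
            "oracle_confirmed": confirmed,
            "suspicious": confirmed or stats["hits"] >= threshold,
        }
    return findings


if __name__ == "__main__":
    for ip, finding in analyse(SAMPLE_LOG).items():
        print(ip, finding)
```

Running the block reports 203.0.113.9 as suspicious with the boolean oracle confirmed (the 1=1 and 1=2 requests returned 5123 and 4870 bytes), while 198.51.100.7, whose "1=1 is true" search term carries no AND/OR, stays clean. Decoding the URL and collapsing /**/ back to a space before matching is what keeps the comment-for-space option from blinding the other signatures.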

SUMMARY OF THE DIFFERENCES WITH THE OTHER EXISTING TOOLS
========================================================

* Web page string and cookie parameters auto detection
* Fine tuning parameters SQL injection
* Time delay feature
* Multithread feature
* Response results in a customized browser
* Automated positive and negative condition discovery
* Blind SQL injection characters preset optimizer

LICENSE
=======

Clarified Artistic License
