| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 21 Jun 2008 10:40:47 +0100
From: "Sumit Siddharth" <sumit.siddharth@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Tool release: Bsqlbf-v2
Bsqlbf V2, Blind SQL Injection Brute Forcer
Bsqlbf was originally written by A. Ramos from www.514.es and was intended
to exploit blind sql injection against mysql backend database. This is a
modified version of the same tool. It supports blind sql injection against
the following databases:-
MS-SQL
MY-SQL
PostgreSQL
Oracle
It supports injection in string and integer fields. The feature which
separates this tool from all other sql injection tools is that it supports
custom SQL queries to be supplied with the -sql switch.
It supports 2 modes of attack(-type):
*Type 0*: Blind SQL Injection based on True And Flase response
*Type 1*: Blind SQL Injection based on True And Error
Response(details<http://www.notsosecure.com/folder2/2008/05/26/if-query-data-manipulation/>
)
*Usage*: *$./bsqlbf-v2.pl -url
http://192.168.1.1/injection_string_post/1.asp?p=1 -method post -match true
-database 0 -sql "select top 1 name from sysobjects where xtype='U'"*
*Download*: http://bsqlbf-v2.googlecode.com/files/bsqlbf-v2.1.zip
Send Your feedbacks/suggestions to sid-at-notsosecure(dot)com
--
Sumit Siddharth www.notsosecure.com
--
Sumit Siddharth
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists