Showing posts with label SQLi. Show all posts

Wednesday, May 29, 2013

[aidSQL] A tool that will aid you when trying to find vulnerable spots in your site


aidSQL is a PHP application for detecting security holes in your website(s). It's a modular application, meaning that you can develop your very own plugins for SQL injection detection & exploitation.


2013-05-27


NEW aidSQL Release which supports MS SQL SERVER 2000 Database injection and reverse engineering.

2013-05-23


SOON, new release with Ms SQL Reverse Engineering support

2012-09-12

Hey everyone! I just got back to business and I'm improving aidSQL's code structure plus adding some other functionality to it. I'm currently looking for people who can contribute doing BASH SCRIPTING. I'm now doing a small test site installer for using aidSQL locally and I'm in need of bash scripters, if you are one/know one, send me an email.

Thursday, May 23, 2013

[jSQL Injection v0.4] Java tool for automatic database injection


jSQL Injection is a lightweight application used to find database information from a distant server.

jSQL is free, open source and cross-platform (Windows, Linux, Mac OS X, Solaris).

Version 0.4 features:
  • GET, POST, header, cookie methods
  • Normal, error based, blind, time based algorithms
  • Automatic best algorithm selection
  • Multi-thread control (start/pause/resume/stop)
  • Progression bars
  • Shows URL calls
  • Simple evasion
  • Proxy setting
  • Distant file reading
  • Webshell deposit
  • Terminal for webshell commands
  • Configuration backup
  • Update checker
  • Admin page checker
  • Brute forcer (md5 mysql...)
  • Coder (encode decode base64 hex md5...)
  • Supports MySQL 

[SQLi Dorking] Perl script for finding SQLi

sqliDorking.pl is a Perl script by Crozz Cyborg that searches for pages vulnerable to SQL injection using Google or Bing dorks. It also accepts a list of domains.




Usage: sqliDorking.pl [-d/-bd ] -p [-l Links.txt]  [-f Logs.txt]

Options:
  -gd : Google Dork
  -bd : Bing Dork
  -l : File with links to analyze
  -p : Number of pages to search
  -f : File where the logs will be saved

Usage examples:
sqliDorking.pl -gd inurl:product.php?id= -p 3 -f VulneSQL.txt
sqliDorking.pl -l links.txt -f VulneSQL.txt
sqliDorking.pl -bd inurl:product.php?id= -p 3
sqliDorking.pl -l links.txt

Monday, May 20, 2013

[DroidSQLi] MySQL Injection tool for Android

DroidSQLi is the first automated MySQL Injection tool for Android. It allows you to test your MySQL-based web application against SQL injection attacks.  


DroidSQLi supports the following injection techniques:
- Time based injection
- Blind injection
- Error based injection
- Normal injection

Sunday, March 10, 2013

[JSQL v0.3] Java Tool for Automatic Database Injection

jSQL Injection is a lightweight application used to find database information from a distant server.

jSQL is free, open source and cross-platform (Windows, Linux, Mac OS X, Solaris).




Version 0.2 features:
  • GET, POST, header, cookie methods
  • normal, error based, blind, time based algorithms
  • automatic best algorithm selection
  • thread control (start/pause/resume/stop)
  • expose URL calls
  • simple evasion
  • data retrieving progression bar
  • proxy setting
  • supports MySQL

Next release v0.3 will include:
+ distant file reading [sqli]
+ webshell deposit [sqli]
+ terminal to run webshell commands [gui]
+ configuration backup [gui]
+ Updates checking [gui]
+ user interface tweaks [gui]
 
Next work:
+ distant table writing [sqli]
+ distant file writing [sqli]
+ reverse tcp shell deposit [sqli]
+ right elevation [sqli]
+ speed increase (non encoding pass): 50% faster [sqli]
+ control all running tasks in a tab [gui]
# speed test comparison with other injection tools [dev]
# automatic code testing (JUnit) [dev]
# wiki pages [site]


Wednesday, February 27, 2013

[Netsparker Community Edition v2.5.2.0] Released!

Netsparker Community Edition is a SQL Injection Scanner. It’s a free edition of our web vulnerability scanner for the community so you can start securing your website now. It’s user friendly, fast, smart and as always False-Positive-Free.

It shares many features with the professional edition. It can detect SQL Injection and XSS issues better than many other scanners (if not all), and it’s completely FREE.



Netsparker can scan for lots of web security vulnerabilities, and this free version of Netsparker is a great SQL injection scanner. It can scan and exploit SQL Injection vulnerabilities in different back-end databases with really high accuracy and without any false-positives. Netsparker is the best SQL Injection Scanner among all commercial, free and open source web vulnerability scanners according to a 3rd party benchmark, finding 98.53% of all SQL Injections in tests [1].


Netsparker CE features

  • False-Positive Free
  • AJAX/JavaScript Support
  • Hassle Free Licensing
  • Heuristic Custom 404 Support
  • Free Automated Updates
  • Error Based SQL Injection
  • Boolean Based SQL Injection
  • Reflective Cross-site Scripting (XSS)
  • Permanent/Stored Cross-site Scripting (XSS)
  • and many more


Security Checks that come with CE

Error Based SQL Injection
Boolean Based SQL Injection
Time Based Blind SQL Injection
Local File Inclusion
Remote File Inclusions
Remote Code Injection / Evaluation
Cross-site Scripting (XSS) via RFI
Reflective Cross-site Scripting (XSS)
Permanent/Stored Cross-site Scripting (XSS)
OS Level Command Injection
CRLF / HTTP Header Injection / Response Splitting
Open Redirect
Find Backup Files
Crossdomain.xml Analysis
Finds and Analyses Potential Issues in Robots.txt
Finds and Analyses Google Sitemap Files
Detect TRACE / TRACK Method Support
Detect ASP.NET Debugging
Detect ASP.NET Trace
ASP.NET ViewState Analysis
ViewState is not Signed
ViewState is not Encrypted
Post Exploitation Checks
E-mail Address Disclosure
Internal IP Disclosure
Cookies are not marked as Secure
Cookies are not marked as HTTPOnly
Directory Listing
Stack Trace Disclosure
Version Disclosure
Access Denied Resources
Internal Path Disclosure
Programming Error Messages
Database Error Messages
CVS, GIT and SVN Information and Source Code Disclosure
Find PHPInfo() pages and PHPInfo() disclosures
Apache Server-Status and Apache Server-Info pages
Find Hidden Resources
Basic Authentication over HTTP
Password Transmitted over HTTP
Password Form Served over HTTP
Source Code Disclosure
Auto Complete Enabled

Download

http://www.mavitunasecurity.com/communityedition/

Friday, February 22, 2013

[jSQL] Automatic SQLi with Java

jSQL is a free, open-source tool built in Java for automatic SQL injection, with a very simple, easy-to-use interface.



Features:
  • Support for GET, POST, header, cookie methods.
  • Injection types: normal, error based, blind, time based.
  • Automatic algorithm detection.
  • Shows progress while receiving data
  • Options to stop, pause or resume operations.
  • Proxy support.
  • Evasion
  • Available for Linux, Windows, etc.
  • MySQL support only
It is currently at version 0.2

Project page: http://code.google.com/p/jsql-injection/
Downloads: http://code.google.com/p/jsql-injection/downloads/list

[Source]