bsqlbf-v2
// August 13th, 2009 // No Comments » // Projects
Name: bsqlbf-v2
Category: Blind SQL injection
Author/Owner: Sumit Siddharth
URL: http://code.google.com/p/bsqlbf-v2/
Description:
This tool allows extraction of data from Blind SQL Injections. It accepts custom SQL queries as a command line parameter and it works for both integer and string based injections. Databases supported:
- MS-SQL
- MySQL
- PostgreSQL
- Oracle
The tool supports 6 attack modes(-type switch):-
- Type 0: Blind SQL Injection based on true and false conditions returned by back-end server
- Type 1: Blind SQL Injection based on true and error(e.g syntax error) returned by back-end server.
- Type 2: Blind SQL Injection in “order by” and “group by”.
- Type 3: extracting data with SYS privileges (ORACLE dbms_export_extension exploit)
- Type 4: is O.S code execution (ORACLE dbms_export_extension exploit)
- Type 5: is reading files (ORACLE dbms_export_extension exploit, based on java)
