Full Disclosure mailing list archives
Re: Framework for the aid of exploiting SQL injection
From: "David Litchfield" <davidl () ngssoftware com>
Date: Thu, 17 Nov 2005 18:20:42 -0000
Hi Roman,
> Is there any recommended tool which helps to get databases tables, entries, structure, etc, given a particular SQL injection bug in one application? I mean, it should *automatically* try different sentences to figure out the names of the columns and in general, other useful info from the database. Perhaps a PoC of some of NGSSoftware's papers or a more elaborated tool...
I've just put up sqlinjector.zip on the databasesecurity.com website ( http://www.databasesecurity.com/webapplications.htm ). This is the tool (source and exe) you refer to. I never got around to completing it but it works as is - I'd rather the code was tidier.
HTH,
David