Thursday, June 7, 2007

SQL Injection for Dummies

I was browsing my usual places and came across this gem. Pretty cool tool! To give credit where credit is due, I originally found it on the "Darknet - The Darkside" blog, but hey, it's good stuff, so I'll pass it along.

Here is the write-up from the author's site:

SQLBrute is a tool for brute forcing data out of databases using blind SQL injection vulnerabilities. It supports time based and error based exploit types on Microsoft SQL Server, and error based exploit on Oracle. It is written in Python, uses multi-threading, and doesn’t require non-standard libraries (there is some code in there for pycurl, but it is disabled because it isn’t finished).

Enough said! Here's the link to go get it yourself, and experiment. Remember, this is for educational and experimental purposes only. Please don't use it on applications/servers you don't own and have rights to!

Link to the SQLBrute tool.

