******** This Program is highly dangerous in the wrong hands. Be careful, and I hold no liability for your use, malicious or not. I do not recommend using this tool on .gov sites. Or on this site, since this site is bomb. *********

Download Link:
SPInjv1.2.rar

As its name suggests, it helps the penetrating tester inject SQL commands on a Web page.

It’s SQL Server, Oracle, MySQL, Sybase, and DB2 compliant, though it’s possible to use it with any existing DBMS using the inline injection (Normal mode). Normal mode is the SQL command that someone will put in the parameter sent to the server.

It also comes with a readme and tutorial for new users on the program interface at the top toolbar :)

The main effort done on this application was to make it as painless as possible to find and exploit a SQL injection vulnerability without using any browser. That is why you will notice that there is an integrated browser that will display the results of the injection parameterized in a way that any related standards SQL error will be displayed without the rest of the page. Of course, like many other features of this application, there are ways to parameterize the response of the server to make it as talkative to you as possible.

p.s. I have another tool that I created myself but it is only for sale as it will do error checking attempts on DBMS servers as well as blind injections.




Tags:
SQL, Mode, SQL Injector, Programming Languages, Databases, Software Development, Software/Web Development, Enterprise Software, Software, Data Management

nice thread. im new tho things like this and im just wondering with this toolcan you do things like.. a complete dump of usernames and passwords from a SQL database?

__________________

Yes, you can control the database completely once Auth access has been granted. this includes ftp and files as well.