Today I modified a small script that I originally wrote out of need, and added a small feature: blind injection using the MySQL error-reporting method. This feature should be available in sqlmap. It has not been used for a long time. On Windows, the Havij 1.14 Pro tool also uses this method for blind injection, so its speed is very fast.
In addition, we are trying to write a web vulnerability detection program in C.
The initial implementation crawls the web page, extracts the URLs, then extracts the URL parameters, and then determines whether there is an injection. These things are all available on the Internet. I am implementing this kind of thing mainly to test and improve my knowledge of C programming. On the other hand, I am writing something that can be extended at will, and I know what the program is doing when I use it. Some trivially simple injections have been detected initially, and there is still much to improve. It is not that simple to write a small tool; I always have the urge to find reference code.
[root@localhost]# ./bget.pl
| = -------------- = |
| = -- [Blind SQL Injector V1.3] --- = |
| = --- [C4rp3nt3r@0x50sec.org] --- = |
| = -------------- = |
Choose a number to be execute:
[0] SQL (from [STDIN])
[1] version ()
[2] database ()
[3] user ()
[4] dump table_schema v5.x
[5] dump table_name (table_schem = database () v5.x)
[6] dump column_name (table_name = [STDIN] v5.x)
[7] fuzz table_name v4.x
[8] fuzz column_name v4.x
[9] fuzz web path ('read httpd.conf')
[A] load_file ('/etc/passwd')
[B] load_file ('C:\boot.ini')
[C] load_file ('file path from [STDIN]')
[D] load_file ('file path from [STDIN] error base')
[E] dump table_schema (v5.x error base)
[F] dump table_name (table_schem = database () v5.x error base)
[G] dump column_name (table_name = [STDIN] v5.x error base)
[X] SQL (from [STDIN] error base)
Choose a number #
From: 0x50sec.org