Five famous free SQL injection vulnerability scanning tools

Source: Internet
Author: User

A large number of modern enterprises use web applications to connect seamlessly with their customers. However, incorrect coding causes many security problems. Vulnerabilities in web applications allow hackers to directly access sensitive information (such as personal data and logon information).

Web applications allow visitors to submit data and retrieve data from databases over the Internet. Databases are at the heart of most web applications. The database maintains the data that a Web application delivers to visitors. When a web application delivers information to customers and suppliers, it also obtains data from the database.

SQL injection is the most common web application attack technique; it attempts to bypass SQL commands. If user input is not sanitized, an SQL injection vulnerability occurs when that input is executed.

Checking for SQL injection vulnerabilities mainly involves two things: auditing the web application itself, and reviewing it with an automated SQL injection scanner. Here I list some SQL injection scanning programs that are valuable to web application developers and professional security auditors.

I. sqlier

Sqlier can find a URL with an SQL injection vulnerability on a website and, from the relevant information, generate an exploit for that vulnerability without requiring user interaction. In this way, it can generate a UNION SELECT query that brute-forces database passwords. The program does not use quotation marks when exploiting vulnerabilities, which means it can adapt to many websites.
Sqlier brute-forces passwords through a "true/false" SQL injection vulnerability. With a "true/false" SQL injection vulnerability, you cannot query data from the database directly. You can only run a statement that returns a "true" or "false" value.
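
The true/false behaviour described above, seen from the defender's side in an added example (not code from the original article or from sqlier): a numeric id parameter concatenated into the query answers yes/no questions without any quotation marks in the input, while a bound or validated parameter returns the same response either way. The articles table and all function names are assumptions made up for this illustration.

```python
import sqlite3

def make_db():
    """Constructed sample data standing in for the application's database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE articles (id INTEGER, title TEXT)")
    conn.execute("INSERT INTO articles VALUES (1, 'Welcome')")
    return conn

def page_concat(conn, raw_id):
    """Vulnerable: the request parameter becomes part of the SQL text."""
    sql = "SELECT title FROM articles WHERE id = " + raw_id
    row = conn.execute(sql).fetchone()
    return row[0] if row else "not found"

def page_bound(conn, raw_id):
    """Hardened: the parameter is bound as a value and never parsed as SQL."""
    sql = "SELECT title FROM articles WHERE id = ?"
    row = conn.execute(sql, (raw_id,)).fetchone()
    return row[0] if row else "not found"

def page_validated(conn, raw_id):
    """Hardened further: anything that is not an integer is rejected up front."""
    try:
        item_id = int(raw_id)
    except ValueError:
        return "bad request"
    return page_bound(conn, item_id)

def answers_true_false(page, conn):
    """True if an always-true and an always-false condition give different pages."""
    return page(conn, "1 AND 1=1") != page(conn, "1 AND 1=2")

if __name__ == "__main__":
    db = make_db()
    for page in (page_concat, page_bound, page_validated):
        print(page.__name__, page(db, "1"), answers_true_false(page, db))
```

Only page_concat responds differently to the two conditions; that difference is the yes/no signal a scanner relies on, and it disappears once the value is bound or validated.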

According to statistics, it takes about one minute to crack an eight-character password (including any character in the ASCII code).
The syntax is as follows: sqlier [options] [URL]

The options are as follows:

-c [host]: clears the exploit information stored for the host.
-s [seconds]: the number of seconds to wait between web page requests.
-u [user names]: user names to brute-force from the database, separated by commas.
-w [options]: passes [options] to wget.
In addition, the program supports guessing field names, with the following options:
--table-names [table names]: table names to guess, separated by commas.
--user-fields [user fields]: user name field names to guess, separated by commas.
--pass-fields [password fields]: password field names to guess, separated by commas.

The basic usage is as follows:

For example, suppose there is an SQL injection vulnerability in the following URL:
http://example.com/sqlihole.php?id=1
Run the following command:
sqlier -s 10 http://example.com/sqlihole.php?id=1
This gets enough information from the database to exploit its passwords. The number "10" means that the program waits 10 seconds between queries.

If the table, user name field, and password field names are guessed correctly, the exploit passes the user names to the query and prepares to brute-force their passwords from the database.

sqlier -s 10 example.com -u bcable,Administrator,root,user4

However, if the built-in field and table names are not guessed correctly, you can run:

sqlier -s 10 example.com --table-names [table_names] --user-fields [user_fields] --pass-fields [pass_fields]

Sqlier cannot brute-force passwords from the database unless the correct table name, user name field, and password field name are known, as shown in Figure 1:

Figure 1

II. sqlmap

This is an automatic "blind" SQL injection tool developed in Python. It can perform dynamic fingerprinting of the database management system and fully enumerate remote databases. Its goal is to be a fully functional database management system tool that can take advantage of the web application programming flaws that lead to SQL injection vulnerabilities.

After sqlmap detects one or more SQL injection vulnerabilities on the target system, you can choose from multiple options to perform a full fingerprint of the back-end database management system, retrieve the session user and database, enumerate users, password hashes, and databases, run SQL SELECT statements, and read specific files from the file system.

This software fully supports backend database management systems such as MySQL, Oracle, PostgreSQL, and Microsoft SQL Server. In addition, it also recognizes Microsoft's Access database, as well as DB2, Informix, Sybase, and InterBase.

The usage is as follows:

sqlmap.py [options] {-u <URL> | -g <Google dork> | -c <configuration file>}
where:
-u URL specifies the target URL
-g Google dork processes Google dork results as target URLs

III. sqid

This tool is an SQL injection digger: a command-line utility that can find SQL injection vulnerabilities and common errors on websites. It can perform the following operations: search web pages for SQL injection vulnerabilities, and test submitted forms for possible SQL injection vulnerabilities. It also supports HTTP, HTTPS, and basic authentication.

The usage is as follows:

sqid.rb [options]

The options are as follows:

-m, --mode MODE: the mode to operate in. The modes are:
  g, google: operate in Google search mode
  u, url: check this URL
  p, page: check a single web page
  c, crawl: crawl a site
The Google search mode options are:
  -q, --query QUERY: the query to run as a Google search
  -s, --start START
  -r, --results RESULTS: the number of results required. The default value is 20.

IV. SQL Power Injector

SQL Power Injector helps penetration testers find and exploit SQL injection vulnerabilities on web pages. Currently, it supports databases such as SQL Server, Oracle, MySQL, Sybase/Adaptive Server, and DB2. However, when using inline injection, it can also be used with other existing database management systems.

Its automatic mode works in two ways: one is based on expected results, and the other on time delay.

Its working state is shown in Figure 2:

Figure 2

V. sqlninja

Sqlninja exploits vulnerabilities in applications that use SQL Server as the back-end database. Its main goal is to provide remote access to vulnerable database servers. Sqlninja's behavior is controlled by a configuration file, which tells sqlninja what to attack and how, and by some command-line options. For example, the following command options are available:

-m <attack mode>: the attack modes include test, fingerprint, and bruteforce.

Among the other command options, -v enables verbose output, -f <configuration file> specifies the configuration file to use, and -w <word list> specifies the word list used in brute-force mode.

The running interface is shown in Figure 3:

Figure 3

This article is from Hacker Base, the world's largest Chinese hacker site. Source: http://www.hackbase.com/tech/2008-09-11/41659.html
