What is sqlifuzzer?
It's a wrapper for curl written in bash. It's also a tool that can be used to remotely identify SQL (and XPath) injection vulnerabilities. It does this by sending a range of injection payloads and examining the responses for signs of 'injectability'. If a parameter appears to be vulnerable, sqlifuzzer sends exploit payloads to extract data.
Like almost all web app scanners, sqlifuzzer includes OR 1=1 payloads; this means that there is a significant risk of data destruction, Denial of Service, and/or other undesirable implications for any host (or intermediary device) scanned using sqlifuzzer. sqlifuzzer is beta; don't use it in an environment that matters to you or anyone else. Do not use sqlifuzzer to scan hosts without the owner's permission.
Features :
- Payloads/tests for numeric, string, error and time-based SQL injection
- Support for MSSQL, MYSQL and Oracle DBMS's
- Automated testing of 'tricky' parameters like POST URL query and mulipart form parameters
- A range of filter evasion options:
- case variation, nesting, double URL encoding, comments for spaces, 'like' for 'equals' operator, intermediary characters, null and CRLF prefixes, HTTP method swapping (GETs become POSTs / POSTs become GETs)
- ORDER BY and UNION SELECT tests on vulnerable parameters to:
- enumerate select query column numbers
- identify data-type string columns in select queries
- extract database schema and configuration information
- Conditional tests to extract DBMS info when data extraction via UNION SELECT fails (i.e. no string type columns)
- Time delay based tests to extract DBMS info when data extraction via conditional methods fails (i.e. fully blind scenarios)
- Boolean response-based XPath injection testing and data extraction
- Support for automated detection and testing of parameters in POST URIs and multipart forms
- Scan 'state' maintenance:
- Halt a scan at any time - scan progress is saved and you can easily resume a scan from the URL where you stopped
- Specify a specific request number to resume a scan from
- Optional exclusion of a customizable list of parameters from scanning scope
- Tracking of parameters scanned and avoidance of re-scanning scanned parameters
- HTML format output with:
- links/buttons to send Proof of Concept SQL injection requests
- links to response difference files and to extracted data
Changelog V-0.6 : Fixed a bug preventing time based exploitation from being triggered
For Other Version |
For more information : -
http://code.google.com/p/sqlifuzzer/
Previous post regarding Sqlifuzzer -
http://santoshdudhade.blogspot.in/2012/05/sqlifuzzer-command-line-sql-injection.htm
0 comments:
Post a Comment