jSQL Injection features:
- GET, POST, header, cookie methods
- normal, error based, blind, time based algorithms
- automatic best algorithms detection
- data retrieving progression
- proxy setting
- evasion
For now supports MySQL.
Running injection requires the distant server url and the name of the parameter to inject.
If you know an injection should work but the jSQL tool doesn't access the database, you can inform me by email or use the discussion group.
For a local test, you can use the following PHP source code with the URL http://127.0.0.1/simulate_get.php?lib= :
mysql_connect("localhost", "root", "");
mysql_select_db("my_own_database");
$result = mysql_query("SELECT * FROM my_own_table where my_own_field = {$_GET['lib']}") # time based
or die( mysql_error() ); # error based
if(mysql_num_rows($result)!==0) echo" true "; # blind
while ($row = mysql_fetch_array($result, MYSQL_NUM))
echo join(',',$row); # normal
Changelog version 0.2 :
- new buttons: start, stop, pause, resume
- timeout of 15 seconds for each requests (avoid unresponsive window)
- stopping a request processes and loads the data it has already found (when possible)
- new tabs: chunk, binary, header
- new method: timebased
- evasion: space to /**/, lower to mixed case (select to sElEcT)
- errorbased multilang message (Duplicate entry '1' for key, Duplicata du champ '1' pour la clef, etc)
- contact informations
- smoother graphic design
Download -
Download other versions -
0 comments:
Post a Comment