Sqlsus 0.7 with time-based blind SQL injection

Sqlsus is an open source MySQL injection and takeover tool, written in Perl. It is used to test web applications for vulnerabilities. It uses stacked subqueries and a powerful blind injection algorithm to maximise the data gathered per web server hit. Using multithreading on top of that, sqlsus is an extremely fast database dumper, be it for inband or blind injection.

Sqlsus now supports time-based blind injection and automatically detects web server / suhosin / etc. length restrictions.

The official Change Log:

- Added time-based blind injection support (added option "blind_sleep", and renamed "string_to_match" to "blind_string").
- It is now possible to force sqlsus to exit when it's hanging (i.e.: retrieving data), by hitting Ctrl-C more than twice.
- Rewrite of "autoconf max_sendable", so that sqlsus will properly detect which length restriction applies (WEB server / layer above). (removed option "max_sendable", added options "max_url_length" and "max_inj_length")
- Uploading a file now sends it in chunks under the length restriction.
- sqlsus now saves variables after each command, so that forcing it to quit (or killing it) will not discard the changes that were made.
- Added a progress bar to inband mode, sqlsus now determines the number of rows to be returned prior to fetching them.
- get db (tables/columns) in inband mode now uses multithreading (like everything else).
- clone now uses count(*) if available (set by "get count" / "get db"), instead of using fetch-ahead.
- In blind mode, "start" will now test if things work the way they should, by injecting 2 queries: one true and one false.
- sqlsus now prints what configuration options are overridden (when a saved value differs from the configuration file).

Bug Fixes:

- Fixed some misuse of the object returned by LWP UserAgent that could trigger a perl error.
- Fixed a useless memory consumption in the IPC that could trigger an "out of memory" error (since 0.5RC1).
- Removed a false error display in backdoor sql mode when using INSERT, UPDATE, DELETE, DROP, etc.

Download from here: http://sqlsus.sourceforge.net/download.html
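
For defenders: time-based blind injection against MySQL generally relies on a delay function such as SLEEP() or BENCHMARK(), so it can be spotted in web server logs as requests that carry such a call, and a response at least as slow as the requested delay suggests the injected query actually ran. The sketch below is an added example, not part of sqlsus or of the original post; the log layout (combined format with the request time in seconds appended), the sample lines and all function names are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed sample: combined log format with the request time (seconds) appended.
SAMPLE_LOG = '''\
198.51.100.4 - - [01/Jan/2024:10:00:00 +0000] "GET /item.php?id=7 HTTP/1.1" 200 812 "-" "Mozilla/5.0" 0.021
203.0.113.9 - - [01/Jan/2024:10:00:02 +0000] "GET /item.php?id=7%20AND%20SLEEP(3) HTTP/1.1" 200 812 "-" "-" 3.018
203.0.113.9 - - [01/Jan/2024:10:00:06 +0000] "GET /item.php?id=7%2520and%2520sLeEp%252F**%252F(3) HTTP/1.1" 200 812 "-" "-" 3.022
192.0.2.50 - - [01/Jan/2024:10:00:07 +0000] "GET /item.php?id=7%20AND%20SLEEP(5) HTTP/1.1" 403 120 "-" "-" 0.004
198.51.100.4 - - [01/Jan/2024:10:00:09 +0000] "GET /help.php?topic=sleep%20mode HTTP/1.1" 200 300 "-" "Mozilla/5.0" 0.015
'''

LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3} \S+ '
                  r'"[^"]*" "[^"]*" (\d+(?:\.\d+)?)$')
# MySQL delay functions; the optional group captures a numeric first argument.
DELAY_FN = re.compile(r"\b(sleep|benchmark)\s*\(\s*(\d+(?:\.\d+)?)?")

def normalize(url):
    """Undo nested URL encoding, drop SQL inline comments, lowercase."""
    for _ in range(3):
        decoded = unquote_plus(url)
        if decoded == url:
            break
        url = decoded
    return re.sub(r"/\*.*?\*/", " ", url).lower()

def scan(log_text):
    """Return {client_ip: {"attempts": n, "executed": m}} for delay-function requests."""
    hits = defaultdict(lambda: {"attempts": 0, "executed": 0})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ip, url, took = m.group(1), m.group(2), float(m.group(3))
        fn = DELAY_FN.search(normalize(url))
        if not fn:
            continue
        hits[ip]["attempts"] += 1
        # A response at least as slow as the requested SLEEP suggests the
        # injected delay really ran in the database (likely vulnerable page).
        if fn.group(1) == "sleep" and fn.group(2) and took >= float(fn.group(2)):
            hits[ip]["executed"] += 1
    return dict(hits)

if __name__ == "__main__":
    for ip, counts in scan(SAMPLE_LOG).items():
        print(ip, counts)
```

Clients with a non-zero "executed" count are the ones to triage first: the page they hit most likely passes unsanitised input into a query and needs parameterised statements, not just a blocking rule.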
