Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user’s specific DBMS tables/columns, run his own SQL statement, read specific files on the file system and more.

Version 3.2.1.1020

• Support Microsoft SQL Server 2008;
• Improved SQL Injection for MySQL. Support detecting function Unhex().
• New option added Scan->Extend scan mode. Optimize ability to Inject.
• Improved Cookie detection. Multiple URL redirection will be Inject correctly.

Databases Supported

• Access: Informations (Database Path; Root Path; Drivers); Data
• MSSql: Informations; Data; FileReader; RegReader; FileWriter; Cmd; DirTree
• MySql: Informations; Data; FileReader; FileWriter;
• Oracle: Informations (Version; IP; Database; Accounts); Data; and any others;
• Informix: Informatons; Data
• DB2: Informatons; Data; and more;
• Sybase: Informatons; Data; and more;
• PostgreSQL: Informatons; Data; FileReader;
• Sqlite: Informatons; Data