SQL Power Injector 1.2 released
SQL Power Injector is an application created in .Net 1.1 that helps the penetration tester to find and exploit SQL injections on a web page.
Features for this release :
- Now support DB2 database
- Can create/edit ASCII characters preset in order to optimize the blind
SQL injection number of requests/speed - Can make the blind SQL injection case insensitive (useful with
characters preset) - New feature that will find the differences between the response page
of a positive answer with a negative one - Created a Firefox Plugin that will launch SQL Power Injector with all
the current page context (string parameters and cookies) - Created an extensive documentation used as a databases "Aide Memoire" that contains information related to SQL injection for each supported DBMS (System tables (with their column names and description), environment and session variables, functions, dangerous stored procs, etc...)
- Can create a range list that will replace the variable (<<@>>) inside
a blind SQL injection string and automatically play them for you - Automatic replaying a variable range with a predefined list from a
text file - New management console for Cookies used for the Load Page process
- Detect and add Cookies used during the Load Page process (Set-Cookie detection)
- Improved the User Interface to display contextual information (normal
vs blind mode) - New Datagrid has been added with the Cookies information, which can be injected in the same fashion than the String Parameter
- Improved the accuracy and reliability of the blind SQL injection
results (if a character cannot be found it’s replaced by the sun char (¤)) - Can edit the Referer
- View source now displays HTML in colors and can be customized in a XML file
- Can search in the View source
- Can choose an User-Agent from the menu (and even add new ones in the XML file)
- Threads are better managed and it’s now possible to raise it to the
number you wish (50 max in the application but can be changed in the
source code) - Can configure the application settings
- Support configurable proxies
- With SQL Server it is possible to use the TOP keyword
- Take in account the different syntax of MySQL 4.1.0 and lower with
higher versions in the database list - Various things redesigned and quality improvement
- Two integrated tools: Hex and Char encoder and MS SQL @options
interpreter - Problems when there is a Form tag inside another one (Bug fix)
- Bug with multi threads with cookies (Bug fix)
SQL Power Injector has been added to SD Tools Watch Process
Post scriptum
Compliance Mandates
|
Related Articles
Application Scanner |
|
Security Solutions |
|
SQL Power Injector |
|