SQLPlus v0.3 available
sqlsus is an open source MySQL injection and takeover tool,
written in perl.
Using a command line interface that mimics a mysql console, you can retrieve the databases structure, inject SQL queries, download files from the web server, upload and control a backdoor, clone the databases, and much more...
It is designed to maximize the amount of data gathered per server hit,
making the best use (I can think of) of MySQL functions to optimise the
available injection space.
sqlsus is focused on PHP/MySQL installations, and integrates some neat
features, some of them really specific to this DBMS.
Tool Submitted by Maximiliano Soler
|Penetration testing & Ethical Hacking||