Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Official release of SQL Power Injector v1.0

from [Francois Larouche] Network Security [Permanent Link]
Subject: Official release of SQL Power Injector v1.0
Date: Mon, 13 Feb 2006 17:57:22 +0000 
Greeting list,

I have the pleasure to announce that SQL Power Injector is now officially available on my web site:

www.sqlpowerinjector.com

Here are some details about the application (more details could be found on the web site):

INTRODUCTION
============

SQL Power Injector is a graphical application created in .Net 1.1 that helps the penetrating tester to inject SQL commands on a web page.

For now it is SQL Server, Oracle and MySQL compliant, but it is possible to use it with any existing DBMS when using the inline injection (Normal mode).

Moreover this application will get all the parameters you need to test the SQL injection, either by GET or POST method, avoiding thus the need to use several applications or a proxy to intercept the data.

FEATURES
=======

? Supported on Windows, Unix and Linux operating systems
? SQL Server, Oracle and MySQL compliant
? Load automatically the parameters on a web page (GET or POST)
? Find automatically the submit page
? Single SQL injection
? Blind SQL injection
o Comparison of true and false response of the page or results in the cookie
o Time delay
? Response of the SQL injection in a customized browser
? Fine tuning parameters injection
? Can parameterize the size of the length and count of the expected result to optimize the time taken by the application to execute the SQL injection
? Multithreading
? Option to replace space by empty comments /**/ against IDS or filter detection
? Automatically encode special characters before sending them
? Automatically detect predefined SQL errors in the response page
? Automatically detect a predefined word or sentence in the response page
? Real time result
? Possibility to inject an authentication cookie
? Can view the HTML code source of the returned page
? Detect automatically generic SQL error in the returned page

SUMMARY OF THE DIFFERENCES WITH THE OTHER EXISTING TOOLS
===========================================

?       Fine tuning parameters SQL injection
?       Time delay feature
?       Multithread feature
?       Response results in a customized browser

LICENSE
=====

Clarified Artistic License



------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • Official release of SQL Power Injector v1.0, Francois Larouche <=
Previous by Date:  RE: sql injection: url or form based?, LAROUCHE Francois
Next by Date:  Rookie question about differences between -S and -sI option, Mark Fosseth
Previous by Thread:  Re: an anternative to port-knoking using the OpenBSD pf only, poplix
Next by Thread:  Rookie question about differences between -S and -sI option, Mark Fosseth
Indexes:  [Date] [Thread] [Top] [All Lists]