Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Official release of SQL Power Injector v1.0

from [Francois Larouche] Network Security [Permanent Link]
Subject: Official release of SQL Power Injector v1.0
Date: Mon, 13 Feb 2006 17:56:59 +0000 
Greeting list,

I have the pleasure to announce that SQL Power Injector is now officially available on my web site:

www.sqlpowerinjector.com

Here are some details about the application (more details could be found on the web site):

INTRODUCTION
============

SQL Power Injector is a graphical application created in .Net 1.1 that helps the penetrating tester to inject SQL commands on a web page.

For now it is SQL Server, Oracle and MySQL compliant, but it is possible to use it with any existing DBMS when using the inline injection (Normal mode).

Moreover this application will get all the parameters you need to test the SQL injection, either by GET or POST method, avoiding thus the need to use several applications or a proxy to intercept the data.

FEATURES
=======

? Supported on Windows, Unix and Linux operating systems
? SQL Server, Oracle and MySQL compliant
? Load automatically the parameters on a web page (GET or POST)
? Find automatically the submit page
? Single SQL injection
? Blind SQL injection
o Comparison of true and false response of the page or results in the cookie
o Time delay
? Response of the SQL injection in a customized browser
? Fine tuning parameters injection
? Can parameterize the size of the length and count of the expected result to optimize the time taken by the application to execute the SQL injection
? Multithreading
? Option to replace space by empty comments /**/ against IDS or filter detection
? Automatically encode special characters before sending them
? Automatically detect predefined SQL errors in the response page
? Automatically detect a predefined word or sentence in the response page
? Real time result
? Possibility to inject an authentication cookie
? Can view the HTML code source of the returned page
? Detect automatically generic SQL error in the returned page

SUMMARY OF THE DIFFERENCES WITH THE OTHER EXISTING TOOLS
===========================================

?       Fine tuning parameters SQL injection
?       Time delay feature
?       Multithread feature
?       Response results in a customized browser

LICENSE
=====

Clarified Artistic License



-------------------------------------------------------------------------
This List Sponsored by: SpiDynamics

ALERT: "How A Hacker Launches A Web Application Attack!" Step-by-Step - SPI Dynamics White Paper
Learn how to defend against Web Application Attacks with real-world examples of recent hacking methods such as: SQL Injection, Cross Site Scripting and Parameter Manipulation

https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003gRl
--------------------------------------------------------------------------

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • Official release of SQL Power Injector v1.0, Francois Larouche <=
Previous by Date:  web-based risk management tool in SDLC, test . future
Next by Date:  Re: Crawl And interpret Flash files, Rogan Dawes
Previous by Thread:  web-based risk management tool in SDLC, test . future
Next by Thread:  Paper: Domain contamination by Amit Klein, Andrew van der Stock
Indexes:  [Date] [Thread] [Top] [All Lists]