Foro de

Seguridad Informática => Nivel Web => Mensaje iniciado por: Guide_Shen en 18 Julio 2007, 12:14 pm

Título: SQL Power Injector
Publicado por: Guide_Shen en 18 Julio 2007, 12:14 pm
* Supported on Windows, Unix and Linux operating systems
* SQL Server, Oracle, MySQL, Sybase/Adaptive Server and DB2 compliant
* SSL support
* Load automatically the parameters from a form or a IFrame on a web
page (GET or POST)
* Detect and browse the framesets
* Option that auto detects the language of the web site
* Detect and add cookies used during the Load Page process (Set-Cookie

* Find automatically the submit page(s) with its method (GET or POST)
displayed in a different color
* Can create/modify/delete loaded string and cookies parameters directly
in the Datagrids
* Single SQL injection
* Blind SQL injection
- Comparison of true and false response of the page or results in
the cookie
- Time delay
* Response of the SQL injection in a customized browser
* Can view the HTML code source of the returned page in HTML contextual
colors and search in it
* Fine tuning parameters and cookies injection
* Can parameterize the size of the length and count of the expected
result to optimize the time taken by the application to execute the SQL
* Create/edit ASCII characters preset in order to optimize the blind SQL
injection number of requests/speed
* Multithreading (configurable up to 50)
* Option to replace space by empty comments /**/ against IDS or filter
* Automatically encode special characters before sending them
* Automatically detect predefined SQL errors in the response page
* Automatically detect a predefined word or sentence in the response page
* Real time result
* Save and load sessions in a XML file
* Feature that automatically finds the differences between the response
page of a positive answer with a negative one
* Can create a range list that will replace the variable (<<@>>) inside
a blind SQL injection string and automatically play them for you
* Automatic replaying a variable range with a predefined list from a
text file
* Firefox plugin that will launch SQL Power Injector with all the
information of the current webpage with its session context (parameters
and cookies)
* Two integrated tools: Hex and Char encoder and MS SQL @options
* Can edit the Referer
* Can choose a User-Agent (or even create one in the User-Agent XML file)
* Can configure the application with the settings window
* Support configurable proxies

Hace unos dias descargue la nueva version 1.2, y me parece un tool muy util, viene con un addon para mozilla firefox lo cual facilita mucho las busquedas
Me parecio un tool util y quize compartirlo, espero no romper las reglas del foro
Instalador (

Título: Re: SQL Power Injector
Publicado por: yeikos en 18 Julio 2007, 13:40 pm
No me convence mucho, la única opción que por la que me podría decantar sería la de brute forcing para blind SQL Inyection y por lo que veo no tiene nada parecido.