full-disclosure-uk August 2008 archive
Main Archive Page > Month Archives  > full-disclosure-uk archives
full-disclosure-uk: [Full-disclosure] BSQL Hacker - Adva

[Full-disclosure] BSQL Hacker - Advanced SQL Injection Framework / Tool

From: Ferruh Mavituna <ferruh_at_nospam>
Date: Tue Aug 19 2008 - 13:39:49 GMT
To: "Full Disclosure" <full-disclosure@lists.grok.org.uk>

BSQL Hacker is an automated SQL Injection Framework / Tool designed to exploit SQL injection vulnerabilities virtually in any database.

It ships with Automated Attack modules which allows to dump whole database:

  • SQL Server
  • MySQL (*experimental*)

Attack Templates :

  • MS Access
  • MySQL
  • PostgreSQL
  • MS SQL Server

Also you can write your own attack template for any other database as well ( *see the manual for details*). New attack templates and exploits for specific web application can be shared via Exploit Repository.

BSQL Hacker aims for experienced users as well as beginners who want to automate SQL Injections (especially Blind SQL Injections).

It supports :

It allows metasploit alike exploit repository to share and update exploits and attack tempate.

*Download, Screenshots, Source Code and More Information :* http://labs.portcullis.co.uk/application/bsql-hacker/<https://labs.portcullis.co.uk/application/bsql-hacker/>

*Injection Wizard Video:
*http://www.vimeo.com/1536040?pg=embed&sec=1536040 -- Ferruh Mavituna http://ferruh.mavituna.com

_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/