Sunday, July 24, 2011

ISR-Sqlget - Blind SQL Injection Tool

Databases supported:
- IBM DB2
- Microsoft SQL Server
- Oracle
- Postgres
- Mysql
- IBM Informix
- Sybase
- Hsqldb (www.hsqldb.org)
- Mimer (www.mimer.com)
- Pervasive (www.pervasive.com)
- Virtuoso (virtuoso.openlinksw.com)
- SQLite
- Interbase/Yaffil/Firebird (Borland)
- H2 (http://www.h2database.com)
- Mckoi (http://mckoi.com/database/)
- Ingres (http://www.ingres.com)
- MonetDB (http://www.monetdb.nl)
- MaxDB (www.mysql.com/products/maxdb/)
- ThinkSQL (http://www.thinksql.co.uk/)
- SQLBase (http://www.unify.com)

Evasion features:
- Full-width/Half-width Unicode encoding
- Apache non standard CR bypass
- mod_security bypass
- Random uppercase request transform
- PHP Magicquotes: encode every string using db CHR function or similar.
- Convert requests to hexadecimal values
- Avoid non-space replacing for /**/ or (\t) tab
- Avoid non || or + concatenation using db concat function or similar.
- Random user-agent
- Random proxy-server
- Random delay request

Common features:
- Database schemate download blacklist
- Cookie array support
- SSL support
- Proxy server support
- Database information dumped in csv format




Download
http://www.infobyte.com.ar/down/ISR-sqlget-1.0.0.tar.gz

Demo:
http://www.infobyte.com.ar/demo/ISR_sqlget_ISS_proventia_bypass.html

0 comments for "ISR-Sqlget - Blind SQL Injection Tool"

Post a Comment

background