[MacPorts] #31900: add SQl Injection brute to the ports tree
MacPorts
noreply at macports.org
Fri Nov 4 10:12:44 PDT 2011
#31900: add SQl Injection brute to the ports tree
---------------------------------------+------------------------------------
Reporter: fyodor.vassiley@… | Owner: macports-tickets@…
Type: request | Status: new
Priority: Low | Milestone:
Component: ports | Version: 2.0.3
Keywords: CEHv7 SQL Injection | Port:
---------------------------------------+------------------------------------
http://www.darknet.org.uk/2007/06/sqlbrute-sql-injection-brute-force-tool/
SQLBrute is a tool for brute forcing data out of databases using blind SQL
injection vulnerabilities. It supports time based and error based exploit
types on Microsoft SQL Server, and error based exploit on Oracle. It is
written in Python, uses multi-threading, and doesn’t require non-standard
libraries (there is some code in there for pycurl, but it is disabled
because it isn’t finished).
For error based SQL injection, SQLBrute should work, if you can either:
Get an identifiable difference between adding the exploit strings AND
1=1 and AND 1=2 to your SQL injection point (usually works if the query is
normally valid)
Get an identifiable difference between adding the exploit strings OR
1=1 and OR 1=2 to your SQL injection point (usually works if the query is
normally invalid)
For time based SQL injection, SQLBrute should work if you can use exploit
syntax similar to ;waitfor delay ’0:0:5′ to generate a time delay in
Microsoft SQL Server.
--
Ticket URL: <https://trac.macports.org/ticket/31900>
MacPorts <http://www.macports.org/>
Ports system for Mac OS
More information about the macports-tickets
mailing list