 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 306
 Members: 0
 Total: 306
|
|
|
|
|
|
Full disclosure |
|
CyberDanube Security Research 20251014-0 | Multiple Vulnerabilities in Phoenix Contact QUINT4 UPS
apis.google.com - Insecure redirect via __lu parameter(exploited in the wild)
Urgent Security Vulnerabilities Discovered in Mercku Routers Model M6a
Re: Security Advisory: Multiple High-Severity Vulnerabilities in Suno.com (JWT Leakage, IDOR, DoS)
Security Advisory: Multiple High-Severity Vulnerabilities in Suno.com (JWT Leakage, IDOR, DoS)
[SBA-ADV-20250730-01] CVE-2025-39664: Checkmk Path Traversal
[SBA-ADV-20250724-01] CVE-2025-32919: Checkmk Agent Privilege Escalation via Insecure Temporary Files
CVE-2025-59397 - Open Web Analytics SQL Injection
Re: [FD]Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft
Re: Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft
Re: Defense in depth -- the Microsoft way (part 93): SRP/SAFERwhitelisting goes black on Windows 11
Re: [FD]: "Glass Cage" – Zero-Click iMessage ? Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885)
Re: [FD]Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft
Samtools v1.22.1 Uncontrolled Memory Allocation from Large BED Intervals Causes Denial-of-Service in Samtools/HTSlib
Samtools v1.22.1 Improper Handling of Excessive Histogram Bin Counts in Samtools Coverage Leads to Stack Overflow
|
|
|
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
I need SQL Injection Exploit tool |
|
 Posted: Sun Feb 05, 2006 3:27 am |
 |
|
| yak |
| Beginner |
 |
|
| Joined: Feb 05, 2006 |
| Posts: 1 |
|
|
|
 |
|
 |
|
Hi everyone,
I need a tool that can exploit SQL Injection websites and download their databases to my PC. I need it very much. I tried many tools before but not success 
Would you pls share me that tool?
Thanks a lot. |
|
|
|
|
|
Re: I need SQL Injection Exploit tool |
|
| Posted: Wed Mar 22, 2006 11:07 pm |
|
|
| nooob |
| Beginner |
|
|
| Joined: Mar 23, 2006 |
| Posts: 2 |
|
|
|
|
|
|
|
|
|
|
|
| Posted: Thu Mar 23, 2006 1:00 am |
|
|
| waraxe |
| Site admin |
 |
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| Posted: Sat Apr 15, 2006 10:02 pm |
|
|
| Indiction |
| Regular user |
|
|
| Joined: Apr 12, 2006 |
| Posts: 11 |
|
|
|
|
|
|
|
basic perl script for injection
| Code: |
#!/etc/bin/perl
# replace this line with #!C:\Perl\bin\perl on a Windows system
# provided AS-IS, no warranty, expressed or implied
# this program is completely in the public domain: you can modify it at will
# with Windows, use ActivePerl www.activestate.com
# UNIX should already have it preinstalled
use IO::Socket;
if(@ARGV < 3)
{
die "usage: perl sqlinj.pl server path string\n";
}
$server = $ARGV[0];
$path = $ARGV[1];
$string = $ARGV[2];
# this method uses GET
$sock = IO::Socket::INET->new(Proto => 'tcp', PeerAddr => "$server", PeerPort => 80) or die "could not connect to the server: $!\n";
$inject = sprintf("%s?%s", $path, $string);
print $sock "GET $inject HTTP/1.1\n"
print $sock "User-Agent: sqlinj.pl/1.0 (Windows NT 5.1; U; en)\n"; # feel free to change if not WinXP
print $sock "Host: www.$server\n";
print $sock "Accept: */*\n";
print $sock "Connection: close\n\n";
while($data = <$sock>)
{
print "$data";
}
print "\n[output complete.]\n";
|
|
|
|
|
|
|
|
|
|
| Posted: Sat May 13, 2006 2:01 pm |
|
|
| julia |
| Beginner |
|
|
| Joined: May 13, 2006 |
| Posts: 2 |
|
|
|
|
|
|
|
| Indiction wrote: | basic perl script for injection
| Code: | | [... Too long to quote ...] |
|
There is an error:
| Code: | C:\Borland\BCC55_2\Include>perl C:\***\sql_injector.pl
syntax error at C:\***\sql_injector.pl line 25, near "print"
Execution of C:\***\sql_injector.pl aborted due to compilation erro
rs. |
??? |
|
|
|
|
|
|
|
|
| Posted: Sat May 13, 2006 2:17 pm |
|
|
| waraxe |
| Site admin |
|
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
First, I suggest to use ActivePerl on Windows platform:
http://www.activestate.com/Products/ActivePerl/?mp=1
Second, looking @ this perl script, it seems useless for me. Just empty container for GET request. No functionality at all.
Third - UserAgent string like "User-Agent: sqlinj.pl/1.0 (Windows NT 5.1; U; en)" is very bad practice. Just emulate IE or firefox, so server logs are cleaner after attacking.
Fourth - I suggest to try POST and/or COOKIE attack vectors in case of php based target. Becasue in this way web server will not log attack attempt details at all (in most cases). |
|
|
|
|
| Posted: Wed May 17, 2006 12:26 am |
|
|
| trace |
| Regular user |
|
|
| Joined: May 17, 2006 |
| Posts: 8 |
|
|
|
|
|
|
|
| I have some tools have to do with SQLinjector,but those writen by chinaese. |
|
|
|
|
www.waraxe.us Forum Index -> Sql injection
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
