jSQL Injection – Automatic SQL Database Injection

jSQL Injection is a Java application for automatic SQL database injection.

 

Automatic SQL Database Injection: jSQL Injection Automatic SQL Database Injection: jSQL Injection

 

Features:

  • GET, POST, header, cookie methods
  • Normal, error based, blind, time based algorithms
  • Automatic best algorithm selection
  • Multi-thread control (start/pause/resume/stop)
  • Progression bars
  • Shows URL calls
  • Simple evasion
  • Proxy setting
  • Distant file reading
  • Webshell deposit
  • Terminal for webshell commands
  • Configuration backup
  • Update checker
  • Admin page checker
  • Brute forcer (md5 mysql…)
  • Coder (encode decode base64 hex md5…)
  • Supports MySQL

 

 

Injection and local test

Running injection requires the URL of a local or distant server, and the name of parameter to inject.
For a local test, you can save the following PHP code into file ‘simulate_get.php’ and move it to the root folder of your web server (e.g /www), then use

http://127.0.0.1/simulate_get.php?lib=

and finally click Connect to read the local database:

<?php
    mysql_connect("localhost","root","");
    mysql_select_db("my_own_database");

    $result = mysql_query("SELECT * FROM my_own_table where my_own_field = ". $_GET['lib'])# time based
        ordie( mysql_error());# error based

    if( mysql_num_rows($result)!==0) echo " something ";# blind

    while( $row = mysql_fetch_array($result, MYSQL_NUM))
        echo join(',',$row);# normal?>

 

jsql

 

Automatic SQL Database Injection: jSQL Injection download

Leave a Reply

Your email address will not be published. Required fields are marked *