Nytro Posted November 16, 2010

I've seen that there are many fans of this program. This version came out recently.

Havij is an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page.

It can take advantage of a vulnerable web application. By using this software, a user can perform back-end database fingerprinting, retrieve DBMS users and password hashes, dump tables and columns, fetch data from the database, run SQL statements and even access the underlying file system and execute commands on the operating system.

The power of Havij that makes it different from similar tools is its injection methods. The success rate is more than 95% at injecting vulnerable targets using Havij.

The user-friendly GUI (Graphical User Interface) of Havij and its automated settings and detections make it easy to use for everyone, even amateur users.

Havij v1.13 Advanced SQL Injection Tool released. New features of this version are:

* Oracle error-based database added with ability to execute query.
* Getting tables and columns when database name is unknown added (MySQL)
* Another method added for finding columns count and string column in PostgreSQL
* Automatic keyword finder optimized and some bugs fixed.
* A bug in finding valid string column in MySQL fixed.
* 'Key is not unique' bug fixed
* Getting data starts from row 2 when All in One fails - bug fixed
* Run time error when finding keyword fixed.
* False table finding in Access fixed.
* Keyword correction method made better
* A bug in getting current database in MSSQL fixed.
* A secondary method added when input value doesn't return a normal page (usually 404 not found)
* Data extraction bug in HTML-encoded pages fixed.
* String or integer type detection made better.
* A bug in HTTPS injection fixed.

How to use

This tool is for exploiting SQL Injection bugs in web applications. To use this tool you should know a little about SQL Injections. Enter the target URL and select the HTTP method, then click Analyze.

Note: Try to make the URL a valid input that returns a normal page, not a 404 or error page.

Information: http://itsecteam.com/en/projects/project1.htm

Download: http://itsecteam.com/files/havij/Havij1.13Free.rar

PS: I haven't tried it and I don't know whether it's infected, but if you get it from the official site, from the link posted, I don't think there will be any problems.

tdxev Posted November 17, 2010

Yes, I use it as an admin finder, not as an SQL dumper. As an SQL dumper it has shown me that it is capable of hanging even when I write the syntax manually and show it which column to extract the data from.