tomyk

The Mole v0.3 Released : Automatic SQL Injection Exploitation Tool


Nasel has just released the new version of The Mole, an automatic SQL Injection exploitation tool. Given only a vulnerable URL and a valid string on the site, it can detect the injection and exploit it, using either the union technique or a boolean query based technique.

This release introduces new features compared with the previous one. Among these, The Mole is now able to exploit injections through cookie parameters. A promising new feature is that you can now exploit injections that return binary data. To achieve this, The Mole uses HEAD requests and analyzes the headers received (the size of the binary to download usually differs depending on whether the query was successful or not), so it does not need to download the full binary data.

This release also brings a major change in The Mole's architecture, which now makes it easy to insert filters in order to bypass IPS/IDS rules or modify the query at runtime. You can see a tutorial on how to write these filters in the tutorial section of the tool's site.

Features

Support for injections using MySQL, SQL Server, Postgres and Oracle databases.

Command line interface. Different commands trigger different actions.

Auto-completion for commands, command arguments and database, table and column names.

Support for filters, in order to bypass certain IPS/IDS rules using generic filters, and the possibility of creating new ones easily.

Exploits SQL Injections through GET/POST/Cookie parameters.

Developed in Python 3.

Exploits SQL Injections that return binary data.

Powerful command interpreter to simplify its usage.

Download: Downloads | The Mole

Tutorial: Tutorial | The Mole

Source: The Hacker News [ THN ] - Updates to Security Experts and Hackers
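
An added example, not part of the original post or of The Mole's code: a defender-side check for the HEAD-request behaviour described above, flagging any client that sends HEAD requests to one path with many different query strings. It assumes Common Log Format access logs; the sample lines, the name flag_head_probing and the threshold are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample access-log lines (Common Log Format); not real traffic.
# The "probe=NN" values are neutral stand-ins for varying injected conditions.
_TS = "[01/Jan/2012:10:00:00 +0000]"
SAMPLE_LOG = "\n".join(
    [f'203.0.113.7 - - {_TS} "HEAD /files/report.php?id=7&probe={n:02d} HTTP/1.1" 200 0'
     for n in range(1, 6)]
    + [
        # A link checker repeating the same HEAD request: one variant only.
        f'198.51.100.4 - - {_TS} "HEAD /files/report.php?id=7 HTTP/1.1" 200 0',
        f'198.51.100.4 - - {_TS} "HEAD /files/report.php?id=7 HTTP/1.1" 200 0',
        f'198.51.100.4 - - {_TS} "GET /index.php?page=1 HTTP/1.1" 200 5120',
        f'192.0.2.9 - - {_TS} "HEAD /files/report.php?id=1 HTTP/1.1" 200 0',
        f'192.0.2.9 - - {_TS} "HEAD /files/report.php?id=2 HTTP/1.1" 200 0',
        "malformed line that the parser must skip",
    ]
)

# client, method and request target from a Common Log Format line
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) [^"]*"')


def flag_head_probing(log_text, min_variants=4):
    """Return {(client, path): distinct_query_count} for every client that
    sent HEAD requests to one path with at least min_variants distinct
    query strings. min_variants is an assumed threshold to tune per site."""
    variants = defaultdict(set)
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue  # skip lines that are not in the expected format
        client, method, target = match.groups()
        if method != "HEAD":
            continue
        url = urlsplit(target)
        variants[(client, url.path)].add(url.query)
    return {key: len(qs) for key, qs in variants.items() if len(qs) >= min_variants}


if __name__ == "__main__":
    for (client, path), count in flag_head_probing(SAMPLE_LOG).items():
        print(f"{client} sent HEAD to {path} with {count} distinct query strings")
```

Injections carried in POST bodies or cookie parameters do not change the logged URL, so this check only sees them if the access log is configured to record those fields.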
