Jump to content
Eric

jSQL Injection: a java tool for automatic database injection

By Eric, in Programe utile

Recommended Posts

Eric Newbie

Eric

Posted
Posted

An easy to use SQL injection tool for retrieving database informations from a distant server.

You can discuss about jSQL Injection on the discussion group.

jSQL Injection features: 

GET, POST, header, cookie methods
normal, error based, blind, time based algorithms
automatic best algorithms detection
data retrieving progression
proxy setting
evasion

For now supports MySQL.

Running injection requires the distant server url and the name of the parameter to inject.

If you know an injection should work but the jSQL tool doesn't access the database, you can inform me by email or use the discussion group.

For a local test, you can use the following PHP source code with the URL http://127.0.0.1/simulate_get.php?lib= : 


mysql_connect("localhost", "root", "");
mysql_select_db("my_own_database");

$result = mysql_query("SELECT * FROM my_own_table where my_own_field = {$_GET['lib']}") # time based
or die( mysql_error() ); # error based

if(mysql_num_rows($result)!==0) echo" true "; # blind

while ($row = mysql_fetch_array($result, MYSQL_NUM))
    echo join(',',$row); # normal

jsql-injection - jSQL Injection is a java tool for automatic database injection. - Google Project Hosting

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...