Official release of SQL Power Injector v1.0



Greetings list,

I have the pleasure to announce that SQL Power Injector is now officially available on my web site:

www.sqlpowerinjector.com

Here are some details about the application (more details can be found on the web site):

INTRODUCTION
============

SQL Power Injector is a graphical application created in .NET 1.1 that helps the penetration tester to inject SQL commands on a web page.

For now it is SQL Server, Oracle and MySQL compliant, but it is possible to use it with any existing DBMS when using the inline injection (Normal mode).

Moreover, this application will get all the parameters you need to test the SQL injection, either by GET or POST method, thus avoiding the need to use several applications or a proxy to intercept the data.

FEATURES
=======

- Supported on Windows, Unix and Linux operating systems
- SQL Server, Oracle and MySQL compliant
- Automatically load the parameters on a web page (GET or POST)
- Automatically find the submit page
- Single SQL injection
- Blind SQL injection
  - Comparison of true and false responses of the page or results in the cookie
  - Time delay
- Response of the SQL injection in a customized browser
- Fine tuning parameters injection
- Can parameterize the size of the length and count of the expected result to optimize the time taken by the application to execute the SQL injection
- Multithreading
- Option to replace space by empty comments /**/ against IDS or filter detection
- Automatically encode special characters before sending them
- Automatically detect predefined SQL errors in the response page
- Automatically detect a predefined word or sentence in the response page
- Real time result
- Possibility to inject an authentication cookie
- Can view the HTML source code of the returned page
- Automatically detect generic SQL errors in the returned page

SUMMARY OF THE DIFFERENCES WITH THE OTHER EXISTING TOOLS
===========================================

- Fine tuning parameters SQL injection
- Time delay feature
- Multithread feature
- Response results in a customized browser

LICENSE
=====

Clarified Artistic License


