Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Tool release: Bsqlbf-v2
From: "Sumit Siddharth" <sumit.siddharth () gmail com>
Date: Sat, 21 Jun 2008 10:40:47 +0100

Bsqlbf V2, Blind SQL Injection Brute Forcer
Bsqlbf was originally written by  A. Ramos from www.514.es and was intended
to exploit blind sql injection against mysql backend database. This is a
modified version of the same tool. It supports blind sql injection against
the following databases:-





It supports injection in string and integer fields. The feature which
separates this tool from all other sql injection tools is that it supports
custom SQL queries to be supplied with the -sql switch.

It supports 2 modes of attack(-type):

*Type 0*: Blind SQL Injection based on True And Flase response

*Type 1*: Blind SQL Injection based on True And Error

*Usage*: *$./bsqlbf-v2.pl -url -method post -match true
-database 0 -sql "select top 1 name from sysobjects where xtype='U'"*

*Download*: http://bsqlbf-v2.googlecode.com/files/bsqlbf-v2.1.zip

Send Your feedbacks/suggestions to sid-at-notsosecure(dot)com

Sumit Siddharth www.notsosecure.com

Sumit Siddharth
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
  • Tool release: Bsqlbf-v2 Sumit Siddharth (Jun 21)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]