Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



WebApp Sec: Yet another SQL injection framework

Yet another SQL injection framework

From: Guillermo Marro <gmmarro_at_flowgate.net>
Date: Thu, 19 Apr 2007 15:44:26 -0300

Hi List,

FG-Injector is a free tool that leverages the pentester's work by
facilitating the exploitation of SQL Injection vulnerabilities.

It includes a a powerful proxy feature for intercepting and modifying
HTTP requests, a network spy module to allow the analyst view HTTP
requests and their corresponding responses and an inference engine for
automating SQL injection exploitation.

The Inference Engine Module of the FG-Injector Framework automates the
generation and injection of SQL statements needed for exploitation of a
Blind SQL Injection. This module will work also for regular injections
using the same method. It can produce blind injections on web/app
servers using MS SQL Server, MySQL, and PostgresSql DBMSs.

Get both, sources and a windows binary from:

http://www.flowgate.net/?lang=en&seccion=herramientas

-G 

-- 
...........................................
Guillermo Marro
F L O W G A T E  Consulting
Maipu 778 - piso 1 - of 10
Rosario - 2000
Argentina
TEL: +54-341-4112511
FAX: +54-341-5291067
PGP: http://www.flowgate.net/PK/GM_FG.pub

Received on Apr 19 2007
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos