SQLiX is a SQL injection scanner coded in Perl. It can crawl, detect SQL injection vectors, identify the back-end database, and grab function call/UDF results (and even execute system commands for MS-SQL). The concepts it uses differ from those used in other SQL injection scanners. SQLiX can find normal and blind SQL injection vectors and doesn't need to reverse engineer the original SQL request (it uses only function calls).
OWASP SQLiX provides:
SQLiX uses multiple techniques to determine if the current server-side script is vulnerable to SQL injection:
conditional errors injection
blind injection based on integers, strings or statements
MS-SQL verbose error messages ("taggy" method)
SQLiX uses UDFs (user-defined functions) or function calls, so there is no need to reverse engineer the original SQL syntax
SQLiX is able to identify the database version and gather sensitive information for the following SQL servers: MS-Access, MS-SQL, MySQL, Oracle and PostgreSQL.
The comparison module of SQLiX is able to deal with complex HTML contents even when they include dynamic ads
SQLiX contains an exploit module to demonstrate how a hacker could exploit the found SQL injection to gather sensitive information
Download:
http://www.mediafire.com/?5lbt0tb1jee