Questions about this topic? Sign up to ask in the talk tab.

Difference between revisions of "SQL injection/mysqli-blindutils"

From NetSec
Jump to: navigation, search
Line 8: Line 8:
 
# [[sqli-p.pl]] - A [[perl]] script that uses [[boolean enumeration]] to retrieve data.
 
# [[sqli-p.pl]] - A [[perl]] script that uses [[boolean enumeration]] to retrieve data.
 
# [[sqli-slee.py]] - A [[python]] script that uses a [[boolean timing attack]] for data extraction.
 
# [[sqli-slee.py]] - A [[python]] script that uses a [[boolean timing attack]] for data extraction.
 +
 +
{{warning|<center>End user is responsible for his or her own actions when using this software.  It is a crime to use this software against any system that you do not own without written consent.</center>}}

Revision as of 00:06, 19 November 2012

Main article: Web exploitation tools

mysqli-blindutils is a package of various blind SQL injection utilities capable of extracting data from remote MySQL databases.


Package contents:

  1. sqli-hap.py - A python script that uses comparative precomputation to exceed the speeds of boolean enumeration during data retrieval.
  2. sqli-p.pl - A perl script that uses boolean enumeration to retrieve data.
  3. sqli-slee.py - A python script that uses a boolean timing attack for data extraction.
RPU0j.png
End user is responsible for his or her own actions when using this software. It is a crime to use this software against any system that you do not own without written consent.