Sumit Siddharth modified a tool written by A. Ramos for exploiting blind SQL injection against a MySQL back-end database. This tool, which we now know as BSQLBF, or the Blind SQL Injection Brute Forcer, has come a long way. BSQLBF previously supported only 2 modes of attack (bsqlbf-v2.1), but with passing time and better techniques it now supports 6.
This tool supports six modes of attack:
Type 0 : Blind SQL Injection based on true and false conditions returned by back-end server.
Type 1 : Blind SQL Injection based on true and error (e.g., syntax error) returned by back-end server.
Type 2 : Blind SQL Injection in ‘order by’ and ‘group by’.
Type 3 : Extracting data with SYS privileges (Oracle DBMS export extension exploit).
Type 4 : O.S. code execution (Oracle DBMS export extension exploit).
Type 5 : Reading files (Oracle DBMS export extension exploit, based on Java).
Databases supported by BSQLBF:
- MS-SQL
- MySQL
- PostgreSQL
- Oracle
Download bsqlbf-2.3