Full Automated Column Finder for SQL Injection released

Edit 23rd May: Version 1.1 released.

Today I released the Full Automated Column Finder for SQL Injection (Python script). It is a column fuzzer which helps you save time.
[Download here]

Description
The Full Automated Column Finder helps you determine the correct number of columns of the current SQL query. It is useful for SQL injection and saves you some time compared with fuzzing manually.
After the correct number of columns has been found, a sample URL for exploiting the SQL injection vulnerability can be displayed.

Full Automated Column Finder for SQL Injection by Valentin Hoebel

Example: Let’s say you found a SQL injection vulnerability within a website and want to exploit it by using UNION SELECT.
E.g. http://127.0.0.1/index.php?id=[SQL Injection]

You would have to determine the number of columns first before you can successfully start exploiting the vulnerability. My tool can help to save time:

root@localhost: python column_finder.py -u http://127.0.0.1/index.php?id=1
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Full Automated Column Finder for SQL Injectionby Valentin Hoebel (valentin@xenuser.org)
Version: 1.0 (22th May 2010)
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
>> Checking if connection can be established…
>> Connected to target! URL seems to be valid.
>> Trying to find the correct number of columns…
>> Correct number of columns found!
>> Amount:  23
>> Do you want to have a sample URL for exploiting? (Yes/No) No
>> Ok, bye =)
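
Seen from the server side, a column fuzzer of this kind leaves one client requesting the same script with a UNION SELECT list that grows step by step, which is easy to spot in access logs. The Python sketch below is an added example, not part of the tool or of the original post; it assumes the probes use UNION SELECT lists that grow one column at a time (the post does not say how the tool counts columns), and the log format, function names and sample lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus, urlsplit

# Assumed log format: client, quoted request line, status code.
LOG_RE = re.compile(r'^(\S+) "(?:GET|POST) (\S+) HTTP/[\d.]+" \d{3}$')
UNION_RE = re.compile(r"union\s+(?:all\s+)?select\s+(.+?)(?:\s+from\b|--|#|$)", re.I | re.S)

def select_list_width(query):
    """Return the number of items in a UNION SELECT list, or None if absent."""
    # Undo URL encoding and drop inline /* */ comments used to hide keywords.
    text = re.sub(r"/\*.*?\*/", " ", unquote_plus(query))
    m = UNION_RE.search(text)
    return m.group(1).count(",") + 1 if m else None

def longest_run(values):
    """Length of the longest run of consecutive integers in a set."""
    best = 0
    for v in values:
        if v - 1 not in values:  # v is the start of a run
            n = 1
            while v + n in values:
                n += 1
            best = max(best, n)
    return best

def find_column_probing(lines, min_run=4):
    """Map (client, path) -> sorted list widths, where the widths grow stepwise."""
    seen = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        parts = urlsplit(target)
        width = select_list_width(parts.query)
        if width is not None:
            seen[(client, parts.path)].add(width)
    return {k: sorted(v) for k, v in seen.items() if longest_run(v) >= min_run}

def _probe(n):
    cols = ",".join(["NULL"] * n)
    return f'10.0.0.9 "GET /index.php?id=1%20UNION%20SELECT%20{cols} HTTP/1.1" 500'

# Constructed sample log: normal traffic, five stepwise probes, one benign search.
SAMPLE_LOG = ['10.0.0.5 "GET /index.php?id=1 HTTP/1.1" 200']
SAMPLE_LOG += [_probe(n) for n in range(1, 6)]
SAMPLE_LOG += ['10.0.0.7 "GET /search.php?q=union+select+committee HTTP/1.1" 200']
```

The benign search for "union select committee" is not reported, because a single list width never forms a run; only the stepwise growth from one client against one path is.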
