Ascii for Breakfast » column fuzzer http://www.xenuser.org Tue, 29 Nov 2011 23:19:03 +0000 en hourly 1 http://wordpress.org/?v=3.0.4 Simple SQL Injection Vulnerability Scanner 0.5 released http://www.xenuser.org/2010/06/17/simple-sql-injection-vulnerability-scanner-0-5-released/ http://www.xenuser.org/2010/06/17/simple-sql-injection-vulnerability-scanner-0-5-released/#comments Thu, 17 Jun 2010 21:15:45 +0000 valentin http://www.xenuser.org/?p=947 Today I am releasing version 0.5 of my Simple SQL Injection Vulnerability Scanner.
[Download here]

It contains all the features from the first released version 0.3 and now contains – in addition – a column fuzzer. Simply start a scan by using python sqli_scanner.py -u “target” and then start fuzzing by using the parameter -fuzz “exploit url”. The exploit url will be provided by the scanner (when a vulnerability was found).

]]> http://www.xenuser.org/2010/06/17/simple-sql-injection-vulnerability-scanner-0-5-released/feed/ 0 Full Automated Column Finder for SQL Injection released http://www.xenuser.org/2010/05/22/full-automated-column-finder-for-sql-injection-released/ http://www.xenuser.org/2010/05/22/full-automated-column-finder-for-sql-injection-released/#comments Sat, 22 May 2010 16:58:28 +0000 valentin http://www.xenuser.org/?p=782 Edit 23th May: Version 1.1 released.

Today I released the Full Automated Column Finder for SQL Injection (Python script). It is a column fuzzer which helps you saving time.
[Download here]

Description
The Full Automated Column Finder helps you to determine the correct amount of columns of the current SQL query. It is useful for SQL injection and safes you some time fuzzing manually.
After the correct amount of columns was found, a sample URL for exploiting the SQL injection vulnerability can be displayed.

Full Automated Column Finder for SQL Injection by Valentin Hoebel

Example: Let’s say you found a SQL injection vulnerability within a website and want to exploit it by using UNION SELECT.
E.g. http://127.0.0.1/index.php?id=[SQL Injection]

You would have to determine the amount of table columns first before you successfully can start exploiting the vulnerability. My tool can help to save time:

root@localhost: python column_finder.py -u http://127.0.0.1/index.php?id=1
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Full Automated Column Finder for SQL Injectionby Valentin Hoebel (valentin@xenuser.org)
Version: 1.0 (22th May 2010)
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
>> Checking if connection can be established…
>> Connected to target! URL seems to be valid.
>> Trying to find the correct number of columns…
>> Correct number of columns found!
>> Amount:  23
>> Do you want to have a sample URL for exploiting? (Yes/No) No
>> Ok, bye =)

]]> http://www.xenuser.org/2010/05/22/full-automated-column-finder-for-sql-injection-released/feed/ 1