sqlget is a blind SQL injection tool developed in Perl, it lets you get databases schemas and tables rows. Using a single GET/POST you can access quietly the database structure and using a single GET/POST you can dump every table row to a csv-like file.
Databases supported:
- IBM DB2
- Microsoft SQL Server
- Oracle
- Postgres
- Mysql
- IBM Informix
- Sybase
- Hsqldb
- Mime
- Pervasive
- Virtuoso
- SQLite
- Interbase/Yaffil/Firebird (Borland)
- H2
- Mckoi
- Ingres
- MonetDB
- MaxDB
- ThinkSQL
- SQLBase
- Full-width/Half-width Unicode encoding
- Apache non standard CR bypass
- mod_security bypass
- Random uppercase request transform
- PHP Magicquotes: encode every string using db CHR function or similar.
- Convert requests to hexadecimal values
- Avoid non-space replacing for /**/ or (\t) tab
- Avoid non || or + concatenation using db concat function or similar.
- Random user-agent
- Random proxy-server
- Random delay request
- Database schemate download blacklist
- Cookie array support
- SSL support
- Proxy server support
- Database information dumped in csv format
ISR sqlget ISS Proventia Bypass
And you can download sqlget here:
ISR-sqlget v.1.0.0
Or read more here.
0 comments:
Post a Comment