From: Francois Larouche (francois.larouche@sqlpowerinjector.com)
Date: Wed Jun 14 2006 - 10:59:18 EDT
Greeting list,
I have the pleasure to announce that a new version of SQL Power Injector
is now officially available on my web site:
www.sqlpowerinjector.com
If someone ask me to say what's more in that version I will most
definitely say that it gained maturity, stability and reliability.
- It's more _mature_ in the sense that it's more friendly user, can save
and reload previous sessions and I added some small features that make
it richer than it was before.
- It's more _stable_ because this time I made sure to test it with more
environments, scenarios and type of web pages, and fixed the bugs that
some of you had the amiability to forward me.
- And finally it's more _reliable_ because I highly improved the loading
process to work on as many pages as I can find and test. I added also
the SSL support and detection of multi forms, IFrames and even framesets.
Of course, there are more than that, here is the list of what you can find:
- Now support Sybase/Adaptive Server Enterprise
- No more (annoying) popup when there are JavaScript errors while
loading the page
- Page loading improved
- Detection of redirection, has moved, refresh, "no form tags" and
frameset redesigned and improved
- Improved the building of URL
- SSL support
- Detection and load of all the forms
- Detection and load of all IFrames
- Get the method type for each form detected (prefix [GET] or [POST]
with color code)
- If there is no explicit action in the Form it automatically reuses the
current page (default browser behavior)
- Added Select value, checkbox and textarea html object
- Http and Https clearer
- Option that auto detects the language of the web site
- Save and load sessions in a XML file
- Threads are better handled
- Check for updates implemented
- Percentage and progress bar for the blind SQL injection
- Send a IE6 User Agent to the requested web server
- Can be now installed on machines with only the .Net Framework 2.0
installed
- Various things redesigned and quality improvement
For those who don't know what is SQL Power Injector you will find next
some details about the application (more details can be found on the web
site):
INTRODUCTION
=============
SQL Power Injector is a graphical application created in .Net 1.1 that
helps the penetrating tester to inject SQL commands on a web page.
For now it is SQL Server, Oracle and MySQL compliant, but it is possible
to use it with any existing DBMS when using the inline injection (Normal
mode).
Moreover this application will get all the parameters you need to test
the SQL injection, either by GET or POST method, avoiding thus the need
to use several applications or a proxy to intercept the data.
FEATURES
=======
- Supported on Windows, Unix and Linux operating systems
- SQL Server, Oracle, MySQL and Sybase/Adaptive Server compliant
- SSL support
- Load automatically the parameters from a form or a IFrame on a web
page (GET or POST)
- Detect and browse the framesets
- Option that auto detects the language of the web site
- Find automatically the submit page(s) with its method (GET or POST)
displayed in a different color
- Single SQL injection
- Blind SQL injection
* Comparison of true and false response of the page or results in
the cookie
* Time delay
- Response of the SQL injection in a customized browser
- Fine tuning parameters injection
- Can parameterize the size of the length and count of the expected
result to optimize the time taken by the application to execute the SQL
injection
- Multithreading
- Option to replace space by empty comments /**/ against IDS or filter
detection
- Automatically encode special characters before sending them
- Automatically detect predefined SQL errors in the response page
- Automatically detect a predefined word or sentence in the response page
- Real time result
- Possibility to inject an authentication cookie
- Can view the HTML code source of the returned page
- Save and load sessions in a XML file
SUMMARY OF THE DIFFERENCES WITH THE OTHER EXISTING TOOLS
========================================================
- Fine tuning parameters SQL injection
- Time delay feature
- Multithread feature
- Response results in a customized browser
LICENSE
=======
Clarified Artistic License
------------------------------------------------------------------------------
This List Sponsored by: Cenzic
Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
Choice Award from eWeek. As attacks through web applications continue to rise,
you need to proactively protect your applications from hackers. Cenzic has the
most comprehensive solutions to meet your application security penetration
testing and vulnerability management needs. You have an option to go with a
managed service (Cenzic ClickToSecure) or an enterprise software
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
help you: http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request@cenzic.com for details.
------------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:56:06 EDT