Official release of SQL Power Injector v1.0

From: Francois Larouche (larouche_francois@hotmail.com)
Date: Mon Feb 13 2006 - 12:57:22 EST


Greeting list,

I have the pleasure to announce that SQL Power Injector is now officially
available on my web site:

www.sqlpowerinjector.com

Here are some details about the application (more details could be found on
the web site):

INTRODUCTION
============

SQL Power Injector is a graphical application created in .Net 1.1 that helps
the penetrating tester to inject SQL commands on a web page.

For now it is SQL Server, Oracle and MySQL compliant, but it is possible to
use it with any existing DBMS when using the inline injection (Normal mode).

Moreover this application will get all the parameters you need to test the
SQL injection, either by GET or POST method, avoiding thus the need to use
several applications or a proxy to intercept the data.

FEATURES
=======

• Supported on Windows, Unix and Linux operating systems
• SQL Server, Oracle and MySQL compliant
• Load automatically the parameters on a web page (GET or POST)
• Find automatically the submit page
• Single SQL injection
• Blind SQL injection
        o Comparison of true and false response of the page or results in the
cookie
        o Time delay
• Response of the SQL injection in a customized browser
• Fine tuning parameters injection
• Can parameterize the size of the length and count of the expected result
to optimize the time taken by the application to execute the SQL injection
• Multithreading
• Option to replace space by empty comments /**/ against IDS or filter
detection
• Automatically encode special characters before sending them
• Automatically detect predefined SQL errors in the response page
• Automatically detect a predefined word or sentence in the response page
• Real time result
• Possibility to inject an authentication cookie
• Can view the HTML code source of the returned page
• Detect automatically generic SQL error in the returned page

SUMMARY OF THE DIFFERENCES WITH THE OTHER EXISTING TOOLS
===========================================

• Fine tuning parameters SQL injection
• Time delay feature
• Multithread feature
• Response results in a customized browser

LICENSE
=====

Clarified Artistic License

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:31 EDT