jsql-injection
Posted on Saturday, November 03, 2012 by Tenderfoot
An easy-to-use SQL injection tool for retrieving database information from a remote server.
You can discuss jSQL Injection on the discussion group.
jSQL Injection features:
- GET, POST, header, cookie methods
- normal, error based, blind, time based algorithms
- automatic detection of the best algorithm
- data retrieval progress
- proxy setting
- evasion
For now it supports MySQL.
Running an injection requires the remote server URL and the name of the parameter to inject.
If you know an injection should work but the jSQL tool doesn't access the database, you can inform me by email or use the discussion group.
For a local test, you can save the following PHP code in a script named, for example, simulate_get.php, and use the URL http://127.0.0.1/simulate_get.php?lib= in the first field of the tool, then click Connect to access the database:
<?php
    mysql_connect("localhost", "root", "");
    mysql_select_db("my_own_database");

    $result = mysql_query("SELECT * FROM my_own_table where my_own_field = {$_GET['lib']}") # time based
        or die( mysql_error() ); # error based

    if(mysql_num_rows($result)!==0) echo" true "; # blind

    while ($row = mysql_fetch_array($result, MYSQL_NUM))
        echo join(',',$row); # normal
?>
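For comparison, a hardened counterpart of the same test script, as an added example that is not part of the original post or of jSQL. It assumes the same placeholder database, table and field names, that my_own_field is an integer column, and that the PDO MySQL driver is available; each comment maps a fix to the channel marked in the script above.

```php
<?php
// Hardened counterpart of simulate_get.php (added example, not jSQL code).
// Assumptions: same placeholder names as the test script, my_own_field is an
// integer column, and the pdo_mysql extension is installed.

$dsn = 'mysql:host=localhost;dbname=my_own_database;charset=utf8mb4';

try {
    // Local test credentials taken from the script above; outside a lab,
    // connect with an account limited to SELECT on this one table.
    $pdo = new PDO($dsn, 'root', '', [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION, // failures throw, nothing is echoed
        PDO::ATTR_EMULATE_PREPARES => false,                  // real server-side prepared statements
    ]);

    // Reject anything that is not a plain integer before touching the database.
    $lib = filter_input(INPUT_GET, 'lib', FILTER_VALIDATE_INT);
    if ($lib === null || $lib === false) {
        http_response_code(400);
        exit('bad request');
    }

    // The value is bound as data, so it can never change the statement text.
    // This closes the "normal", "blind" and "time based" channels together.
    $stmt = $pdo->prepare('SELECT * FROM my_own_table WHERE my_own_field = ?');
    $stmt->execute([$lib]);
    $rows = $stmt->fetchAll(PDO::FETCH_NUM);

    // Same page shape as the test script, now driven only by the bound value.
    if (count($rows) !== 0) {
        echo ' true ';
    }
    foreach ($rows as $row) {
        echo htmlspecialchars(join(',', $row), ENT_QUOTES, 'UTF-8');
    }
} catch (PDOException $e) {
    // "error based" channel: log the detail server-side, return a generic message.
    error_log($e->getMessage());
    http_response_code(500);
    echo 'internal error';
}
```

Pointing the tool at this script instead of simulate_get.php is a quick way to confirm that none of the four algorithms finds a usable channel.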
3 Response to "jsql-injection"
Simply desire to say your article is amazing. The clearness in your post is just spectacular and I can assume you're an expert on this subject. Well, with your permission, allow me to grab your RSS feed to keep updated with forthcoming posts. Thanks a million and please keep up the gratifying work.
It's hard to come by experienced people on this topic, however, you sound like you know what you're talking about! Thanks
Awesome blog. Thanks for sharing such worthy information.
Benefits of Ethical Hacking
Advantages of Learning Ethical Hacking