In the Austin Hackers
Association meeting they released SQLol. SQLolis a configurable SQL
injection testbed. It allows you to exploit SQL injection flaws, but
furthermore allows a large amount of control over the manifestation of
the flaw. The author thought about different data extraction techniques
from SQL injection flaws and found that a vulnerability framework that
includes SQLi verbose error extraction techniques was never found. To be
precise, the author never came across a vulnerability framework that
includes SQL injection in a DELETE query. So, with this aim in mind,
SQLol was born, specifically for SQL injection flaws. It can be useful
to those who know nothing about SQL injection, or those who know a bit
of it. SQLol comes with a set of challenges which help you with
performing some flavor of SQL injection and have pre-configured
settings.
- Type of query
- Location within query
- Type and level of sanitization
- Level of query output
- Verbosity of error messages
- Visibility of query
- Injection string entry point
Other Cool Things:-
- Reset button
- Challenges
- Support for multiple database systems
Requirements:-
- PHP 5.x
- Web server
- Database server (MySQL, PostgreSQL and SQLite have been tested, others may work)
- ADODB library (included)
To Download SQLol Click Here
Tidak ada komentar:
Posting Komentar