- Detection & Exploitation Of SQL Injection Flaws - Safe3 SQL Injector

SQL injection is an attack in which malicious code is inserted into strings that are later passed to an instance of SQL Server for parsing and execution. Any procedure that constructs SQL statements should be reviewed for injection vulnerabilities because SQL Server will execute all syntactically valid queries that it receives. Even parameterized data can be manipulated by a skilled and determined attacker.

The following script shows a simple SQL injection. The script builds an SQL query by concatenating hard-coded strings together with a string entered by the user:
var username;
username = Request.form ("username");
var sql = "select * from OrdersTable where username = '" + username + "'";
The user is prompted to enter the name. If he enters nikesh, the query assembled by the script looks similar to the following:
SELECT * FROM OrdersTable WHERE username = 'nikesh'
However, assume that the user enters the following:
nikesh'; drop table usersTable--
In this case, the following query is assembled by the script:
SELECT * FROM OrdersTable WHERE username = 'nikesh';drop table usersTable--'
The semicolon (;) denotes the end of one query and the start of another. The double hyphen (--) indicates that the rest of the current line is a comment and should be ignored.

If the modified code is syntactically correct, it will be executed by the server. When SQL Server processes this statement, SQL Server will first select all records in OrdersTable where username is nikesh. Then, SQL Server will drop usersTable.

USE THIS TOOL FOR LEGAL PURPOSES ONLY!

Safe3 SQL Injector is one of the most powerful penetration testing tool that automates the process of detecting and exploiting SQL injection flaws (as shown above) and taking over of back-end database servers.

Safe3 SQL Injector Features:
  * Full support for GET/Post/Cookie Injection;
  * Full support for HTTP Basic, Digest, NTLM and Certificate authentications
  * Full support for MySQL, Oracle, PostgreSQL,MSSQL,ACESS,DB2,Sybase,Sqlite
  * Full support for Error/Union/Blind/Force SQL injection
  * Support for file acess,command execute,ip domain reverse,web path guess,md5 crack,etc.
  * Super bypass WAF 

You can download Safe3 SQL Injector here: Safe3SI.6.2.rar



source:http://linuxpoison.blogspot.com/2010/07/13578167751460.html