The following script shows a simple SQL injection. The script builds an SQL query by concatenating hard-coded strings together with a string entered by the user:

    var username;
    username = Request.form ("username");
    var sql = "select * from OrdersTable where username = '" + username + "'";

The user is prompted to enter the name. If he enters nikesh, the query assembled by the script looks similar to the following:

    SELECT * FROM OrdersTable WHERE username = 'nikesh'

However, assume that the user enters the following:

    nikesh'; drop table usersTable--

In this case, the following query is assembled by the script:

    SELECT * FROM OrdersTable WHERE username = 'nikesh';drop table usersTable--'

The semicolon (;) denotes the end of one query and the start of another. The double hyphen (--) indicates that the rest of the current line is a comment and should be ignored.
If the modified code is syntactically correct, it will be executed by the server. When SQL Server processes this statement, SQL Server will first select all records in OrdersTable where username is nikesh. Then, SQL Server will drop usersTable.
USE THIS TOOL FOR LEGAL PURPOSES ONLY!
Safe3 SQL Injector is one of the most powerful penetration testing tools that automates the process of detecting and exploiting SQL injection flaws (as shown above) and taking over back-end database servers.
Safe3 SQL Injector Features:
* Full support for GET/POST/Cookie injection
* Full support for HTTP Basic, Digest, NTLM and Certificate authentications
* Full support for MySQL, Oracle, PostgreSQL, MSSQL, Access, DB2, Sybase, SQLite
* Full support for Error/Union/Blind/Force SQL injection
* Support for file access, command execution, IP domain reverse lookup, web path guessing, MD5 cracking, etc.
* Super bypass WAF
You can download Safe3 SQL Injector here: Safe3SI.6.2.rar
Source: http://linuxpoison.blogspot.com/2010/07/13578167751460.html