OSDN -- 開發和下載開源軟體
繁體中文翻譯狀態 translation status for zh-tw

RSS
Download List

專案描述

SQLIer takes an URL vulnerable to SQL injection attacks and attempts to determine all of the necessary information to build and exploit an SQL injection hole by itself. It requires no user interaction unless it can't guess the table/field names correctly. By doing so, it can build a UNION SELECT query designed to brute force passwords out of the database. It does not use quotes in the exploit, meaning it will work for a wider range of sites. An 8 character password (containing any character from decimal ASCII code 1-127) takes approximately one minute to crack.

System Requirements

System requirement is not defined
Information regarding Project Releases and Project Resources. Note that the information here is a quote from Freecode.com page, and the downloads themselves may not be hosted on OSDN.

2006-10-12 18:44
0.8.2b

This release removes the dependency on the "tempfile" command, which apparently is Debian/Debian-derivative specific. It should now work on most GNU/Unix platforms.
標籤: Major bugfixes

2006-08-17 10:26
0.8.1b

Non-blind injection support was added along with support for subquery-based exploits. "UNION SELECT" exploits now attempt to bypass some common filtering mechanisms before giving up. The detection engine was altered, fixing a bunch of injection issues. Various other bugfixes and engine tweaks were made.
標籤: Major feature enhancements

2006-08-07 08:28
0.8b

The program now attempts to determine table, username field, and password field names. Automatic building of SQL injection statements was implemented. Multiple usernames are now accepted. The status is now saved so that the script doesn't have to perform the same operations over and over again. A new option based interface (rather than argument based) was implemented.
標籤: Major feature enhancements

2006-08-03 14:58
0.1a

標籤: Initial freshmeat announcement

Project Resources

Project Page 下載: 更動紀錄 首頁 下載: TGZ