Tuesday, 2 September 2008

SQLMAP Released - Detects SQL injection vulnerabilities


SQLMAP is an automatic SQL injection tool developed entirely in Python. Its goal is to detect SQL injection vulnerabilities in web applications.

Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve user sessions, enumerate users, password hashes, privileges and databases, among other actions.
Other features...
  • 1st of September 2008: sqlmap 0.6 is out with many new features, complete code refactoring and many bugs fixed
  • Full support for MySQL, Oracle, PostgreSQL and Microsoft SQL Server back-end database management systems. Besides these four database management systems, sqlmap can also identify Microsoft Access, DB2, Informix, Sybase and Interbase.
  • Full support for two SQL injection techniques: blind SQL injection and inband SQL injection.
  • Bypass of the PHP magic_quotes_gpc setting by encoding every query string that sits between single quotes with the CHAR function, or the database management system's similar function.
  • HTTP Cookie header string support, useful when the web application requires authentication based upon cookies and you have such data or in case you just want to test for and exploit SQL injection on such header.
  • Support for saving the session (queries and their output, even if partially retrieved) to a text file in real time while fetching the data, and for resuming the injection from this file at a later time.
  • Automatically tests all provided GET parameters, POST parameters, HTTP Cookie header values and the HTTP User-Agent header value to find the dynamic ones, meaning those that vary the HTTP response page content. On the dynamic ones, sqlmap automatically tests for and detects those affected by SQL injection.
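
The magic_quotes_gpc item above is the reason quote escaping is not a mitigation for SQL injection. The following is an added example, not code from sqlmap or from this post: it uses an in-memory SQLite database, and the `addslashes` helper, the table and the input are constructed for illustration. It places a lookup that relies on quote escaping beside one that validates and binds the value.

```python
import sqlite3

def addslashes(value: str) -> str:
    """Assumed approximation of the escaping magic_quotes_gpc applied to request data."""
    return (value.replace("\\", "\\\\").replace("'", "\\'")
                 .replace('"', '\\"').replace("\0", "\\0"))

def make_db() -> sqlite3.Connection:
    """Build a constructed two-row users table in memory."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)", [(1, "alice"), (2, "admin")])
    return db

def lookup_concatenated(db: sqlite3.Connection, raw_id: str) -> list:
    # Weak: trusts quote escaping, then builds the SQL text by concatenation.
    sql = "SELECT name FROM users WHERE id = " + addslashes(raw_id)
    return [row[0] for row in db.execute(sql)]

def lookup_bound(db: sqlite3.Connection, raw_id: str) -> list:
    # Hardened: reject anything that is not an integer, then bind it as data.
    try:
        user_id = int(raw_id)
    except ValueError:
        return []
    rows = db.execute("SELECT name FROM users WHERE id = ?", (user_id,))
    return [row[0] for row in rows]

# Constructed input: the string 'admin' spelled with char(), so it contains
# no quote character for the escaping step to act on.
QUOTELESS = "0 OR name = char(97,100,109,105,110)"

if __name__ == "__main__":
    db = make_db()
    print("escaping changed the input:", addslashes(QUOTELESS) != QUOTELESS)
    print("concatenated lookup:", lookup_concatenated(db, QUOTELESS))
    print("bound lookup:       ", lookup_bound(db, QUOTELESS))
```
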

Download
sqlmap can be downloaded from its SourceForge File List page. It is available in various formats.
