jSQL Injection - Java GUI for Database Injection.



jSQL is an easy-to-use SQL injection tool that enables the user to retrieve database information from a remote server.


jSQL injection consists of the following features:

  • Get, Post, header, cookie methods
  • Normal, error based, blind, time-based algorithms
  • Automatic best algorithms detection
  • Data retrieving progression
  • Proxy setting
  • Evasion

For now, jSQL Injection supports MySQL. It requires the URL of the remote server and the name of the parameter to inject.

If you want to test-drive jSQL Injection, save the following PHP code as a script (for example, simulate_get.php), enter the URL http://127.0.0.1/simulate_get.php?lib= in the first field of the tool, then click Connect to access the database:






<?php
    mysql_connect("localhost", "root", "");
    mysql_select_db("my_own_database");

    $result = mysql_query("SELECT * FROM my_own_table where my_own_field = {$_GET['lib']}") # time based
    or die( mysql_error() ); # error based

    if(mysql_num_rows($result)!==0) echo" true "; # blind

    while ($row = mysql_fetch_array($result, MYSQL_NUM))
        echo join(',',$row); # normal
?>
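
For comparison, here is a hardened counterpart of the test script, closing each of the four channels its comments label. This is an added example, not code from the original post or from the jSQL project; it assumes the pdo_mysql extension is available and that my_own_field is an integer column.

```php
<?php
// Added example: hardened counterpart of simulate_get.php (not from the original post).
// Assumptions: pdo_mysql is installed and my_own_field is an integer column.
declare(strict_types=1);

// Reject anything that is not an integer before it gets near the query.
$lib = filter_input(INPUT_GET, 'lib', FILTER_VALIDATE_INT);
if ($lib === null || $lib === false) {
    http_response_code(400);
    exit('invalid parameter');
}

try {
    $pdo = new PDO(
        'mysql:host=localhost;dbname=my_own_database;charset=utf8mb4',
        'root', // lab credentials from the original script; use a least-privilege account elsewhere
        '',
        [
            PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_EMULATE_PREPARES => false, // server-side prepared statements
        ]
    );

    // The value is bound as data and never parsed as SQL, so injected
    // clauses (UNION, boolean tests, time delays) are not executed.
    $stmt = $pdo->prepare('SELECT * FROM my_own_table WHERE my_own_field = :lib');
    $stmt->bindValue(':lib', $lib, PDO::PARAM_INT);
    $stmt->execute();
    $rows = $stmt->fetchAll(PDO::FETCH_NUM);
} catch (PDOException $e) {
    // Error-based channel: log the detail server-side, return a generic message.
    error_log($e->getMessage());
    http_response_code(500);
    exit('internal error');
}

// Same output as the original, but the true/false signal now depends only
// on a validated integer, and row data is HTML-escaped before display.
if (count($rows) !== 0) {
    echo " true ";
}
foreach ($rows as $row) {
    echo htmlspecialchars(join(',', $row), ENT_QUOTES, 'UTF-8');
}
```

Pointing jSQL at this version instead of simulate_get.php is a quick way to confirm that none of the tool's detection algorithms find an injectable parameter.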

To download, please click on this link.

Cheers!

About The Author

This article is written by Sindhia Javed Junejo. She is one of the core members of RHA team.


4 comments:

Sandy Sun on October 24, 2012 at 12:11 AM said...

Email Marketing Campaigns is one of the low-cost and most effective ways to target an audience. email newsletter software gives you a wide variety of benefits that would increase the business success opportunity that you always desire. 16.Using email to target an already interested audience will not only drive your marketing costs, but can be done very quickly and easily.

Technononimous Tweaker on October 24, 2012 at 3:30 AM said...

thnx
mY Premium Tricks

Anonymous said...

Hi Rafay, what is the diff between ETHICAL HACKING and PENETRATION TESTING?

Rafay Baloch on October 24, 2012 at 11:36 AM said...

Now that's a highly debatable topic. There are lots of security researchers who don't even like to add (Ethical Hacker) with their name. According to them, "Hacking" cannot be Ethical. My opinion is that both of them are almost the same thing, with a slight difference: Penetration testing involves a proper methodology, whereas hacking may have multiple methodologies.

According to the EC-Council's Certified Ethical Hacker course documentation, the two can be defined as follows:

Penetration Testing:
A goal-oriented project of which the goal is the trophy and includes gaining privileged access by pre-conditional means.

Ethical Hacking:
A penetration test of which the goal is to discover trophies throughout the network within the predetermined project time limit.

Dare to ask? :)
