|
sqlsus is an open source MySQL injection and takeover tool, written in perl.
Via a command line interface that mimics a mysql console, you can retrieve the databases structure, inject SQL queries, download files from the web server, upload and control a backdoor, clone the databases, and much more...
It is designed to maximize the amount of data gathered per server hit, making the best use (I can think of) of MySQL functions to optimise the available injection space.
Using multithreading, stacked subqueries (inband), regular expression matching (blind), sqlsus is an extremly fast database dumper.
It uses sqlite databases as a backend, for an easier use of what has been dumped, and integrates a lot of common features (see below) such as cookies support, http proxy, https..
General
Both quoted and numeric injections are supported.
All quoted texts can be translated as their hex equivalent to bypass any quotes filtering (eg: magic_quotes_gpc) (eg : 'sqlsus' will become 0x73716c737573)
sqlsus also supports these 2 scenarios of injection :
* inband : the result of the request will be in the HTML returned by the web server
* blind : when you can't see the result of the request directly
Support for GET and POST parameters injection vectors.
Support for HTTP proxy and HTTP simple authentication.
Support for HTTPS.
Support for cookies.
Full SQLite backend, storing queries / results as they come, databases structure, key variables. This allows you to recall a command and its cached answer, even in a later re-use of the session.
Possibility to clone a database / table / column, into a local SQLite database, and continue over different sessions.
If you can't access the information_schema database, or if it doesn't exist, sqlsus will help you bruteforce the names of the tables and columns.
Possibility to change the current database and still use all the commands transparently.
|
