jSQL Injection - Java GUI for Database Injection.

jSQL is an easy-to-use SQL injection tool that enables the user to retrieve database informations from a distant server.


jSQL injection consists of the following features:

• Get, Post, header, cookie methods
• Normal, error based, blind, time-based algorithms
• Automatic best algorithms detection
• Data retrieving progression
• Proxy setting
• Evasion

For now jSQL injection supports MySQL. And it requires the name of the parameter to inject and the distant server URL.

If you want to test drive the jSQL injection, you can save the following PHP code in a script (for example: simulate_get.php, and continue using the URL http://127.0.0.1/simulate_get.php?lib= in the first field of the tool, then click Connect to access the database:

php
    mysql_connect("localhost", "root", "");
    mysql_select_db("my_own_database");

    $result = mysql_query("SELECT * FROM my_own_table where my_own_field = {$_GET['lib']}") # time based
    or die( mysql_error() ); # error based

    if(mysql_num_rows($result)!==0) echo" true "; # blind

    while ($row = mysql_fetch_array($result, MYSQL_NUM))
        echo join(',',$row); # normal
?>

To download, please click on this link.

Cheers!

About The Author

This article is written by Sindhia Javed Junejo. She is one of the core members of RHA team.