Description: In this video, he shows us how to exploit a blind SQL vulnerability using BlindCat.
This tool is useful for web application penetration testing and vulnerability assessment.
Features:-
Be independent from SQL engine (support MS SQL, MySQL, Oracle, DB2, Firebird, etc.).
Be independent from SQL language differences between different systems.
Support "true/false", "true/error" and time-based conditions (maybe more).
Be able to send HTTP requests (GET or POST) to vulnerable web applications, with many different parameters.
Support HTTP and HTTPS.
It may be required to provide tons of custom cookies, viewstates, etc.
It may also be required to send custom HTTP headers (referrers, browser info, etc.).
It would be nice to be able to use an HTTP proxy if needed (kind of "debug mode" for our exploitation).
It should be possible to execute any SQL query (assuming the remote system and the vulnerability allow it).
The tool should be reasonably easy to use (hmm... that could be a tough one).
Tool:- http://itsecuritylab.eu
Tags: blind-sql, injection, tool
Quite hard to have an easy to use tool.
Though that's what makes blind sql inj that cool.
By the way, the algo used seems nice; it's dichotomy, right?
Is there a way to see the requests sent?
Why not add an option to automatically url encode the request?
Thanks anyway, I'll give this tool a try. And maybe throw away my homemade one :p
The video tutorial is interesting. Blind SQL injection is hard for me manually; let me try this tool. :)
I think this tool will make my problem easier. Thanks for the video.