[ISR] :: Infobyte Security Research :: release (ISR-sqlget.pl) v1.0.0

• ISR - Infobyte Security Research
• | ISR-sqlget v1.0.0 | www.infobyte.com.ar |

..:: DESCRIPTION ISR-sqlget: It's a blind SQL injection tool developed in Perl. It lets you get databases schemas and tables rows. Using a single GET/POST you can access quietly the database structure and using a single GET/POST you can dump every table row to a csv-like file.

Databases supported:

• IBM DB2
• Microsoft SQL Server
• Oracle
• Postgres
• Mysql
• IBM Informix
• Sybase
• Hsqldb (www.hsqldb.org)
• Mimer (www.mimer.com)
• Pervasive (www.pervasive.com)
• Virtuoso (virtuoso.openlinksw.com)
• SQLite
• Interbase/Yaffil/Firebird (Borland)
• H2 (http://www.h2database.com)
• Mckoi (http://mckoi.com/database/)
• Ingres (http://www.ingres.com)
• MonetDB (http://www.monetdb.nl)
• MaxDB (www.mysql.com/products/maxdb/)
• ThinkSQL (http://www.thinksql.co.uk/)
• SQLBase (http://www.unify.com)

Evasion features:

• Full-width/Half-width Unicode encoding
• Apache non standard CR bypass
• mod_security bypass
• Random uppercase request transform
• PHP Magicquotes: encode every string using db CHR function or similar.
• Convert requests to hexadecimal values
• Avoid non-space replacing for /**/ or (\t) tab
• Avoid non || or + concatenation using db concat function or similar.
• Random user-agent
• Random proxy-server
• Random delay request

Common features:

• Database schemate download blacklist
• Cookie array support
• SSL support
• Proxy server support
• Database information dumped in csv format

Reporting:

• Database structure graphication to create impact executive reports require Graphviz library (http://www.graphviz.org/)

..DEMO

• Demo features (bypassing IBM ISS Proventia IPS) http://www.infobyte.com.ar/demo/ISR_sqlget_ISS_proventia_bypass.html

..AUTHOR Francisco Amato - famato+at+infobyte+dot+com+dot+ar

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

..:: DOWNLOAD http://www.infobyte.com.ar/development.html Received on Mon Jun 25 19:05:28 2007