Hacker, Researcher and Author.

jSQL Injection - Java GUI for Database Injection.


jSQL is an easy-to-use SQL injection tool that enables the user to retrieve database information from a remote server.


jSQL injection consists of the following features:

  • GET, POST, header and cookie methods
  • Normal, error-based, blind and time-based algorithms
  • Automatic detection of the best algorithm
  • Data retrieval progress
  • Proxy setting
  • Evasion

For now, jSQL Injection supports MySQL. It requires the name of the parameter to inject and the URL of the remote server.

If you want to test drive jSQL Injection, you can save the following PHP code in a script (for example, simulate_get.php), then use the URL http://127.0.0.1/simulate_get.php?lib= in the first field of the tool and click Connect to access the database:

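<?php
    // Deliberately injectable test target for a local lab: $_GET['lib'] is
    // placed in the query unescaped and unquoted.
    // The mysql_* functions were removed in PHP 7.0, so this script needs PHP 5.x.
    mysql_connect("localhost", "root", "");
    mysql_select_db("my_own_database");

    $result = mysql_query("SELECT * FROM my_own_table where my_own_field = {$_GET['lib']}") # time based
    or die( mysql_error() ); # error based

    if(mysql_num_rows($result)!==0) echo" true "; # blind

    while ($row = mysql_fetch_array($result, MYSQL_NUM))
        echo join(',',$row); # normal
?>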
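
For comparison, here is a hardened counterpart of the test script above, showing how each of the four channels marked in its comments is closed. This is an added example, not code from the original post or from jSQL; it assumes the PDO MySQL driver is available and that my_own_field is an integer column.

```php
<?php
// Added example: hardened counterpart of simulate_get.php (not from the post).
// Assumptions: PDO MySQL driver is available and my_own_field is an INT column.
try {
    // Credentials mirror the test script; a real deployment would use a
    // least-privileged account instead of root.
    $pdo = new PDO(
        'mysql:host=localhost;dbname=my_own_database;charset=utf8mb4',
        'root',
        '',
        [
            PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_EMULATE_PREPARES => false, // server-side prepared statements
        ]
    );

    // Reject anything that is not an integer before touching the database.
    $lib = filter_input(INPUT_GET, 'lib', FILTER_VALIDATE_INT);
    if ($lib === null || $lib === false) {
        http_response_code(400);
        exit('invalid parameter');
    }

    // The value is sent as a bound parameter, never as SQL text, so it cannot
    // change the query structure (closes the normal, blind and time-based channels).
    $stmt = $pdo->prepare('SELECT * FROM my_own_table WHERE my_own_field = :lib');
    $stmt->bindValue(':lib', $lib, PDO::PARAM_INT);
    $stmt->execute();
    $rows = $stmt->fetchAll(PDO::FETCH_NUM);
} catch (PDOException $e) {
    // Log server-side only; returning mysql_error()-style detail is what makes
    // the error-based technique possible.
    error_log($e->getMessage());
    http_response_code(500);
    exit('internal error');
}

if (count($rows) !== 0) echo " true ";
foreach ($rows as $row) {
    // Encode on output so stored data cannot inject markup into the page.
    echo htmlspecialchars(join(',', $row), ENT_QUOTES, 'UTF-8');
}
```

Pointing the tool at this version on the same local setup is a quick regression check: none of the four algorithms should be detected.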

To download, please click on this link.

Cheers!

About The Author

This article is written by Sindhia Javed Junejo. She is one of the core members of RHA team.

4 comments:

  2. hi rafay what is the diff between ETHICAL HACKING and PENETRATION TESTING

  3. Now that's a highly debatable topic. There are lots of security researchers who don't even like to add (Ethical Hacker) with their name. According to them "Hacking" cannot be Ethical. My opinion is that both of them are almost the same thing, with a slight difference that Penetration testing involves a proper methodology, whereas hacking may have multiple methodologies.

    According to the EC-Council's Certified Ethical Hacker course documentation the two can be defined as follows;

    Penetration Testing:
    A goal-oriented project of which the goal is the trophy and includes gaining privileged access by pre-conditional means.

    Ethical Hacking:
    A penetration test of which the goal is to discover trophies throughout the network within the predetermined project time limit.
