Web Security Handbook


sqlsus 0.2 released

From: sativouf <sativouf_at_gmail.com>
Date: Wed, 04 Mar 2009 22:09:21 +0000
 

Hello,
 

A new version of sqlsus has been released and is available at
http://sqlsus.sf.net/
You will find on the website a description of the features, along with some
documentation and flash demos showing how the tool can be used.
 

sqlsus is a MySQL injection and takeover tool, written in perl.
Via a command line interface that mimics a mysql console, you can retrieve
the database structure, inject a SQL query, download files from the web
server, upload and control a backdoor, and much more...
It is designed to maximize the amount of data gathered per web server hit,
making the best use (I can think of) of MySQL functions to optimize the
available injection space.
sqlsus is focused on PHP/MySQL installations, and already integrates some
neat features, some of which are really specific to this DBMS.
It is not and won't ever be a SQL injection scanner, it starts its job on
the next step.
I have lots of ideas for sqlsus improvements, all I need is time, and
feedback :)
 

The code is really young (and quite dirty), so I have no doubt there are
lots of bugs waiting to be found (and fixed).
Anyway, so far it has been working pretty well for me, and I hope you will
find this tool useful.
 

Download and enjoy :)
Animated demo:

http://sqlsus.sourceforge.net/demo/sighted.html

Copyright 2008-2009 Pcsec.org. Some Rights Reserved.苏ICP备08110306号
