New SQL Power Injector 1.2 Released

SQL Power InjectorFrancois Larouche announced today the availability of a new version of Sql Power Injector , an excelent application created in .Net 1.1 that helps the penetration tester to find and exploit SQL injections on a web application.

This time like the last version I emphasized on maturity, stability and reliability. I also emphasized on usability, documentation and innovation.

One of the major improvements is an innovative way to optimize and accelerate the dichotomy in the Blind SQL injection, saving time/number of requests up to 25%.

Added to this it’s now possible to define a range list that will replace a variable (<<@>>) inside a blind SQL injection string and automatically play them for you. That means you can get all the database names from the sysdatabases table in MS SQL without having to input the dbid each time for example.

Also another great time saver is a new Firefox plugin that will launch SQL Power Injector with all the information of the current webpage with its session context. No more time wasted to copy paste the session cookies after you logged… And of course you can make the easy SQL tests in your browser and you use the plugin once you want to search more thoroughly.

To make your life easier there is now a new feature that will search the diff between a positive condition (1=1) response with a negative condition (1=2) and display the list for you.

Last major addition is the extensive databases Help file (chm) that contains most of the information you need when you SQL inject. It covers the 5 DBMS supported by SQL Power Injector. You can find in it the system tables and views with their columns, environment variables, the useful functions and stored procedures. All this with some notes to how to use them and why it’s useful for SQL injection.

But of course, it’s more than that… As you will see in the list of the new features.

Released under Clarified Artistic License, Sql Power Injector is freely available for download

Thank you for reading this post. You can now Leave A Comment (0) or Leave A Trackback. Print This Post Print This Post

Subscribe without commenting

Leave a Reply

Note: Any comments are permitted only because the site owner is letting you post, and any comments will be removed for any reason at the absolute discretion of the site owner.

CommentLuv badge