Archive for the 'Sql Injection' Category

Second PHP IDS in 3 months released by CoreLabs

CORE GRASP for PHP is web-application protection software aimed at detecting and blocking injection vulnerabilities and privacy violations. The present implementation protects PHP 5.2.3 against SQL-injection attacks for the MySQL engine.


New SQL Power Injector 1.2 Released

Francois Larouche announced today the availability of a new version of SQL Power Injector, an excellent application created in .NET 1.1 that helps the penetration tester find and exploit SQL injections in a web application.


PRIAMOS - New SQL Injector and Scanner

PRIAMOS is fully automated and very easy to use. First, you will scan the application for vulnerable parameters and then launch the SQL injection attack against the selected vulnerable parameter.


Top 15 free SQL Injection Scanners by Security Hacks

Security Hacks assembled a list of the Top 15 free SQL Injection Scanners, which includes some of the most popular SQL injection tools, such as SQLibf, Absinthe, NGSS SQL Injector, etc.


WordPress 2.1.3 SQL Injection Vulnerability

6 days after the WordPress 2.2 release, Janek Vind has discovered a SQL injection vulnerability in WordPress 2.1.3, which can be exploited to conduct SQL injection attacks.


Oracle Cursor Injection - SET ROLE DBA; Role set.

"Cursor Injection - A New Method for Exploiting PL/SQL Injection and Potential Defences": David Litchfield, NGSSoftware, released this paper, which describes a new method whereby an attacker, seeking to exploit a SQL injection flaw in an Oracle database server, may do so without the need to create an auxiliary inject function in order to execute arbitrary SQL.


Bending MS SQL Server and Greasing It Up

Well, having the SQL server call home to your machine is cool enough (bye bye firewall), but the paper's author, Cesar Cerrudo, went a step further. These are the main topics covered by his paper:


Blind SQL Injection Tool : sqlmap

I stumbled upon yet another blind SQL injection tool called sqlmap, written by Bernardo Damele and Daniele Bellucci. I didn't have time to test it, but the tool's description is quite ambitious.
