Home > IT-Tools > SQLBrute – Blind SQL Injection

SQLBrute – Blind SQL Injection

May 25th, 2007

SQLBrute is a tool for brute forcing data out of databases using blind SQL injection vulnerabilities. It supports time based and error based exploit types on Microsoft SQL Server, and error based exploit on Oracle. It is written in Python, uses multi-threading, and doesn´t require non-standard libraries.

For error based SQL injection, SQLBrute should work, if you can either: Get an identifiable difference between adding the exploit strings AND 1=1 and AND 1=2 to your SQL injection point (usually works if the query is normally valid); Get an identifiable difference between adding the exploit strings OR 1=1 and OR 1=2 to your SQL injection point (usually works if the query is normally invalid)

IT-Tools

Comments are closed.