Friday, December 9, 2011
10:00 PM

Automatic SQL Injection Exploitation Tool - TheMole

The author is not responsible for any damage or illegal actions caused by the use of this program.
Use at your own risk!

SQL injection is yet another common vulnerability that is the result of lax input validation. Unlike cross-site scripting vulnerabilities that are ultimately directed at your site’s visitors, SQL injection is an attack on the site itself—in particular its database. The goal of SQL injection is to insert arbitrary data, most often a database query, into a string that’s eventually executed by the database. The insidious query may attempt any number of actions, from retrieving alternate data, to modifying or removing information from the database.

TheMole is an automatic SQL injection exploitation tool. Given only a vulnerable URL and a valid string on the site, it can detect the injection and exploit it, using either the union technique or a boolean query-based technique.
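Why a "valid string on the site" is enough of a signal for the boolean technique, and how bound parameters remove it, is shown in the following added example (not part of the original post and not TheMole's code). The table, the marker string and the handler names are constructed for illustration.

```python
import sqlite3

# Constructed sample: a product page that shows MARKER when a row is found.
MARKER = "Widget details"

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)")
    db.execute("INSERT INTO products VALUES (1, 'Widget')")
    return db

def page_vulnerable(db, product_id):
    # Lax input validation: the request parameter is concatenated into the
    # SQL text, so whatever it contains is parsed as part of the query.
    sql = "SELECT name FROM products WHERE id = " + product_id
    row = db.execute(sql).fetchone()
    return f"{MARKER}: {row[0]}" if row else "Not found"

def page_hardened(db, product_id):
    # Validate the expected type, then pass the value as a bound parameter.
    # The query text is fixed; the input can only ever be compared as data.
    try:
        pid = int(product_id)
    except ValueError:
        return "Bad request"
    row = db.execute("SELECT name FROM products WHERE id = ?", (pid,)).fetchone()
    return f"{MARKER}: {row[0]}" if row else "Not found"

def compare(db, value):
    # Returns (vulnerable response, hardened response) for one input.
    return page_vulnerable(db, value), page_hardened(db, value)

if __name__ == "__main__":
    db = make_db()
    # In the vulnerable handler the marker appears or disappears depending on
    # a condition supplied in the parameter, which turns the page into a
    # true/false oracle. The hardened handler answers the same either way.
    for value in ("1", "1 AND 1=1", "1 AND 1=2"):
        print(repr(value), compare(db, value))
```

In the vulnerable handler the presence of the marker string depends on a condition taken from the request; in the hardened handler the response no longer varies with it.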

TheMole Features
 * Support for injections using MySQL, SQL Server, Postgres and Oracle databases.
 * Command line interface. Different commands trigger different actions.
 * Auto-completion for commands, command arguments and database, table and column names.
 * Support for query filters, in order to bypass certain IPS/IDS rules using generic filters, and the possibility of creating new ones easily.
 * Developed in Python 3.
