MySqloit is a SQL Injection takeover tool focused on LAMP (Linux, Apache,MySql,PHP) and WAMP (Windows, Apache,MySql,PHP) platforms. It has the ability to upload and execute metasploit shellcodes through the MySql SQL Injection vulnerabilities.
Attackers performing SQL injection on a MySQL-PHP platform must deal with several limitations and constraints. For example, the lack of multiple statements in one query makes MySQL an unpopular platform for remote code execution, compared to other platforms. This tool is written to demostrate how remote code execution can be performed on a database connector that do not support stack queries.
Currently works on Linux.
Key Features of mysqloit
1) SQL Injection detection using time based injection method
2) Database fingerprint – Helps to finds right database.
3) Web server directory fingerprint – Vulnareble directory can be serached and exploited.
4) Payload creation and execution – This is a good feature for creating your own paylods for execution which suties your environment.
mysqloit is designed for applications with mysql and php to find Vulnerability and exploit . and find these vulnerability before an outsider does.
Download mysqloit Here
Related External Links
If you enjoyed this article, you might also like:
- October 28, 2009 -- Scrawlr – Tool for finding SQL Injection
Scrawlr, developed by the HP Web Security Research Group in coordination with the MSRC, is short for... - September 23, 2009 -- Update : MSSQLScan v0.8.4
There are lots of updates and one of then is MSSQLScan v0.8.4 .This tool focus on MSSQL data... - July 1, 2010 -- UPDATE: Bsqlbf v2.6!
This update is huge for all Bsqlbf lovers like us! Bsqlbf is updated about which, we have talked in ... - April 16, 2010 -- UPDATE: bsqlbfv2.5!
bsqlbf is updated about which, we have talked in detail here"bsqlbf is a perl script that allows... - April 11, 2010 -- SFX-SQLi: A new SQL injection technique tool!
SFX-SQLi or Select For XML SQL injection is a new SQL injection technique that allows to extract the... - March 15, 2010 -- UPDATE: sqlmap 0.8 Final!
We wrote about sqlmap version 0.8 RC 1 being released here. Now, the author Bernardo Damele A. G. ha... - February 4, 2010 -- UPDATE: CAT.NET 2.0 – Beta!
We have previously written about Microsoft CAT.NET here. Now, the Microsoft Security Tools team has ... - January 29, 2010 -- SecuBat – A Modular Web Vulnerability Scanner!
We were actually waiting for a release of this scanner since the day a paper about it was presented ... - January 27, 2010 -- WITOOL: A web SQL Injection Tool!
WITOOL is a SQL injection tool powered by .NET (2.0), for SQL Server, Oracle, Error Base and Union B...
Tagged as: database security, mysqloit, SQL Injection, Vulnerability Scanner
You must log in to post a comment.