mySQLenum – Automatic blind sql injection tool

mySQLenum is a command line automatic blind sql injection tool for web application that uses MySql server as its back-end. Its main goal is to provide an easy to use command line interface.

Coded in pure c, does not depends on external library, is fast and support all MySQL versions.

It is easy and simple to use, all web application develops who use database can use this tool to simply run and find known vulneability.

Five necessary parameters:

–url: target URL
–sql-query: sql query to execute (or –macro to enter in Macro mode)
–param: vulnerable parameter
–param-value: a valid value to assign to parameter
–match-string: string to match in page content when the query is valid

How to use mySQLenum

mysqlenum –url=”http://www.oneexample.com/page.php” –sql-query=”select username from users” –param=page_id –param-value=1 –match-string=”Articolo 22″ –http-auth=”user:P4ssw0rd”

Query: select username from users

1) root
2) local
3) marco
4) luca
5) —

> Total requests: 192
> Data sent: 40 Kb
> Data received: 862 Kb

When above five parameter is not provided it automaticaly assumes.

- the request type is GET
- the webserver port is 80
- the charset used during the enumeration is included between – the ASCII values 32 and 122

we can use the CONCAT function to enumerate more fields with only one query:

One more macro mode example.

interactive Macro mode is possible to automatically enumerate:

- all available databases
- all tables of a specific database
- all fields of a specific table

the macro mode requires that the INFORMATION_SCHEMA is accessible.

mysqlenum –url=”http://www.example.com/page.php” –macro –param=page_id –param-value=1 –match-string=”Articolo 22″

Available macros:
1) Databases enumeration
2) Tables enumeration
3) Fields enumeration

Your choice: X

Databases:
1) information_schema
2) site
3) —

> Total requests: 227
> Data sent: 62 Kb
> Data received: 1066 Kb

Operating system supported

*nix Systems

Download mysqlenum Here

If you enjoyed this article, you might also like:

• July 1, 2010 -- UPDATE: Bsqlbf v2.6!
  This update is huge for all Bsqlbf lovers like us! Bsqlbf is updated about which, we have talked in ...
• April 16, 2010 -- UPDATE: bsqlbfv2.5!
  bsqlbf is updated about which, we have talked in detail here"bsqlbf is a perl script that allows...
• April 11, 2010 -- SFX-SQLi: A new SQL injection technique tool!
  SFX-SQLi or Select For XML SQL injection is a new SQL injection technique that allows to extract the...
• March 15, 2010 -- UPDATE: sqlmap 0.8 Final!
  We wrote about sqlmap version 0.8 RC 1 being released here. Now, the author Bernardo Damele A. G. ha...
• January 29, 2010 -- SecuBat – A Modular Web Vulnerability Scanner!
  We were actually waiting for a release of this scanner since the day a paper about it was presented ...
• January 27, 2010 -- WITOOL: A web SQL Injection Tool!
  WITOOL is a SQL injection tool powered by .NET (2.0), for SQL Server, Oracle, Error Base and Union B...
• November 26, 2009 -- Pangolin – Automatic SQL injection penetration testing tool
  Pangolin is an automatic SQL injection penetration testing tool ,Its goal is to detect and take adva...
• October 28, 2009 -- Scrawlr – Tool for finding SQL Injection
  Scrawlr, developed by the HP Web Security Research Group in coordination with the MSRC, is short for...
• October 12, 2009 -- Update : Sqlmap version 0.8 release candidate 1
  Hi we have discussed about sqlmap previous releases also , latest version Sqlmap version 0.8 release...

Tagged as: database security, mySQLenum, SQL Injection