16 January 2012

[Tool] Sqlsus - SQL injection tool


Sqlsus is an open source MySQL injection and takeover tool, written in Perl. Via a command line interface, you can retrieve the database(s) structure, inject your own SQL queries (even complex ones), download files from the web server, crawl the website for writable directories, upload and control a backdoor, clone the databases, and much more. It focuses on speed and efficiency, optimising the available injection space. It provides an easy to use interface with lots of neat features.

Bug Fixes
Fixed a bug in the progress display where the number of items to be fetched was incorrectly reported in inband with LIMIT x,y clauses (e.g. resuming a “clone” command).
Fixed the display of “autoconf max_sendable” so that it won’t show on multiple lines on terminals wrapping at 80 chars.
Fixed the query-cutting regex, which was misbehaving when the last column of a table was named after a SQL SELECT end keyword.
In inband mode, sqlsus now discards MySQL errors in the HTML if it finds the expected results anyway.
Setting the variable “proxy” to an erroneous value will now throw an error and unload the proxy settings.

Starting with version 0.7, sqlsus supports time-based blind injection and automatically detects length restrictions (web server, etc.). Quite a lot of improvements for this release again!

Download: download.html
