Blind Sql Injection Brute Forcer version 2 is a tool developed by Sumit Siddharth, which allows extraction of data from Blind SQL Injections. It accepts custom SQL queries as a command line parameter and it works for both integer and string based injections.
Databases supported:
- MS-SQL
- MySQL
- PostgreSQL
- Oracle
The tool supports 6 attack modes:
- Blind SQL Injection based on true and false conditions returned by back-end server
- Blind SQL Injection based on true and error(e.g syntax error) returned by back-end server.
- Blind SQL Injection in “order by” and “group by”.
- Extracting data with SYS privileges (ORACLE dbms_export_extension exploit)
- O.S code execution (ORACLE dbms_export_extension exploit)
- Reading files (ORACLE dbms_export_extension exploit, based on java)
NotSoSecure.com - for related information and videos
