SQLIer 0.8.2b review

Download
by rbytes.net on

SQLIer is a script that uses brute force to crack passwords through "true/false" SQL injection vulnerabilities

License: BSD License
File size: 17K
Developer: Brad Cable
0 stars award from rbytes.net

SQLIer is a script that uses brute force to crack passwords through "true/false" SQL injection vulnerabilities. With "true/false" SQL injection vulnerabilities, you cannot actually query data out of the database, only ask a statement that is returned "true" or "false".

SQLIer takes each character's ASCII code and asks a "higher/lower" question to the database, eventually reaching the actual character code. This script also does not use quotes in the exploit to operate, meaning it will work for a wider range of sites.

An 8 character password (containing any character from decimal ASCII code 1-127) takes approximately 1 minute to crack.

What's New in This Release:
This release removes the dependency on the "tempfile" command, which apparently is Debian/Debian-derivative specific.
It should now work on most GNU/Unix platforms.

SQLIer 0.8.2b search tags