SQLIer 0.8.2b review
DownloadSQLIer is a script that uses brute force to crack passwords through "true/false" SQL injection vulnerabilities
|
|
SQLIer is a script that uses brute force to crack passwords through "true/false" SQL injection vulnerabilities. With "true/false" SQL injection vulnerabilities, you cannot actually query data out of the database, only ask a statement that is returned "true" or "false".
SQLIer takes each character's ASCII code and asks a "higher/lower" question to the database, eventually reaching the actual character code. This script also does not use quotes in the exploit to operate, meaning it will work for a wider range of sites.
An 8 character password (containing any character from decimal ASCII code 1-127) takes approximately 1 minute to crack.
What's New in This Release:
This release removes the dependency on the "tempfile" command, which apparently is Debian/Debian-derivative specific.
It should now work on most GNU/Unix platforms.
SQLIer 0.8.2b search tags