Skip to main content

ISR-Sqlget - Blind SQL Injection Tool

Databases supported: - IBM DB2 - Microsoft SQL Server - Oracle - Postgres - Mysql - IBM Informix - Sybase - Hsqldb (www.hsqldb.org) - Mimer (www.mimer.com) - Pervasive (www.pervasive.com) - Virtuoso (virtuoso.openlinksw.com) - SQLite - Interbase/Yaffil/Firebird (Borland) - H2 (http://www.h2database.com) - Mckoi (http://mckoi.com/database/) - Ingres (http://www.ingres.com) - MonetDB (http://www.monetdb.nl) - MaxDB (www.mysql.com/products/maxdb/) - ThinkSQL (http://www.thinksql.co.uk/) - SQLBase (http://www.unify.com) Evasion features: - Full-width/Half-width Unicode encoding - Apache non standard CR bypass - mod_security bypass - Random uppercase request transform - PHP Magicquotes: encode every string using db CHR function or similar. - Convert requests to hexadecimal values - Avoid non-space replacing for /**/ or (\t) tab - Avoid non || or + concatenation using db concat function or similar. - Random user-agent - Random proxy-server - Random delay request Common features: - Database schemate download blacklist - Cookie array support - SSL support - Proxy server support - Database information dumped in csv format Download

http://www.infobyte.com.ar/down/ISR-sqlget-1.0.0.tar.gz

Demo: http://www.infobyte.com.ar/demo/ISR_sqlget_ISS_proventia_bypass.html

Share this with your friends
Loading...