
Update jSQL Injection v0.3 - a java tool for automatic database injection.

Written By mediana saputra on Sunday, 10 March 2013 | 20:50


jSQL Injection is a lightweight application used to find database information from a distant server.
jSQL is free, open source and cross-platform (Windows, Linux, Mac OS X, Solaris).
Version 0.3 features:
  • GET, POST, header, cookie methods
  • Normal, error based, blind, time based algorithms
  • Automatic best algorithm selection
  • Thread control (start/pause/resume/stop)
  • Expose URL calls
  • Simple evasion
  • Data retrieving progression bar
  • Proxy setting
  • Distant file reading
  • Webshell deposit
  • Terminal for webshell commands
  • Configuration backup
  • Updates checking
  • Supports MySQL
Next work:
+ distant table writing [sqli]
+ distant file writing [sqli]
+ reverse tcp shell deposit [sqli]
+ right elevation [sqli]
+ speed increase (non encoding pass): 50% faster [sqli]
+ control all running tasks in a tab [gui]
# speed test comparison with other injection tools [dev]
# automatic code testing (JUnit) [dev]
# wiki pages [site]
Installation
First, install Java. Then download the latest jSQL executable and double-click the .jar file to open the main window (or type in a terminal: java -jar jsql-injection-v0.2.jar).
Forum
You can request features and discuss algorithms, programming and functionality in the discussion group.
Injection and local test
To run an injection you need the URL of a local or distant server and the name of the parameter to inject.
For a local test, save the following PHP code as 'simulate_get.php' in the root folder of your web server (e.g. /www), then enter http://127.0.0.1/simulate_get.php?lib= in jSQL, and finally click Connect to read the local database safely. Each commented line marks the behaviour that one of the four injection algorithms relies on:
<?php
    mysql_connect("localhost", "root", "");
    mysql_select_db("my_own_database");

    $result = mysql_query("SELECT * FROM my_own_table where my_own_field = " . $_GET['lib']) # time based
        or die( mysql_error() ); # error based

    if( mysql_num_rows($result) !== 0 ) echo " something "; # blind

    while( $row = mysql_fetch_array($result, MYSQL_NUM) )
        echo join(',',$row); # normal
?>
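For comparison, a hardened counterpart of the test script, added here as an example and not part of jSQL or the original post. It shows what removes each of the four channels marked above. The file name simulate_get_safe.php and the assumption that my_own_field is an integer column are hypothetical; the database, table and credentials are the ones from the test script.

```php
<?php
// Added example: hardened counterpart of simulate_get.php
// (hypothetical file name: simulate_get_safe.php).
declare(strict_types=1);

$lib = $_GET['lib'] ?? '';

// Allow-list validation. Assumption: my_own_field is an integer column.
// is_string() also rejects array input such as ?lib[]=1.
if (!is_string($lib) || !ctype_digit($lib)) {
    http_response_code(400);
    exit('invalid parameter');
}

try {
    // Same local test credentials as the script above.
    $pdo = new PDO(
        'mysql:host=localhost;dbname=my_own_database;charset=utf8mb4',
        'root',
        '',
        [
            PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_EMULATE_PREPARES => false, // server-side prepared statements
        ]
    );

    // The value is bound, never concatenated into the SQL text, so the
    // query structure is fixed: this closes the normal, blind and
    // time-based channels at once.
    $stmt = $pdo->prepare('SELECT * FROM my_own_table WHERE my_own_field = ?');
    $stmt->execute([(int) $lib]);
    $rows = $stmt->fetchAll(PDO::FETCH_NUM);
} catch (PDOException $e) {
    // Error-based channel: keep the database message in the server log
    // and return only a generic response to the client.
    error_log('simulate_get_safe: ' . $e->getMessage());
    http_response_code(500);
    exit('internal error');
}

if (count($rows) !== 0) echo " something ";

foreach ($rows as $row) {
    // Encode on output so stored data cannot inject markup into the page.
    echo htmlspecialchars(join(',', $row), ENT_QUOTES, 'UTF-8');
}
```

Pointing jSQL at this script on the same local server is a quick regression check: none of the four algorithms should be selectable.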
Coding
Source code can be accessed at the Google Git repository.
Tools used during development: w7 jre7 eclipse easyphp notepad++ egit virtualbox.

Screenshot of various operating systems: Linux, Mac OS X

Disclaimer
Attacking a web server without prior mutual consent is illegal. The end user is responsible for obeying all applicable laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program.

Download latest version-
jsql-injection-v0.3.jar
Download other versions from here

Source-
https://code.google.com/p/jsql-injection/