Posts tagged: MySQL Injection

Jan 03 2012

Fully Automated MySQL 5 Boolean Enumeration Script

This script uses blind SQL injection and boolean enumeration to perform INFORMATION_SCHEMA Mapping.

Syntax:

perl mysql5enum.pl -h [hostname] -u [url] [-q [query]]

Example:

perl mysql5enum.pl -h www.target.tld -u http://www.target.tld/vuln.ext?input=24 -q “select system_user()”

Description:
– By default, this script will first determine username, version and database name before enumerating the information_schema information.
– When the -q flag is applied, a user can supply any query that returns only a single cell.
– If the exploit or vulnerability requires a single quote, simply tack %27 to the end of the URI.
– This script contains error detection: It will only work on a mysql 5.x database, and knows when its queries have syntax errors.
– This script uses perl’s LibWhisker2 for IDS Evasion (The same as Nikto).
– This script uses the MD5 algorithm for optimization. There are other optimization methods, and this may not work on all sites.

Download: mysql5enum.pl.zip

Mar 28 2011

MySQL and Sun websites hacked using SQL injection

MySQL.com, the official website of the database management system of the same name, was today subjected to an attack whereby hackers used SQL injection exploits to gain access to a complete list of usernames and passwords on the site.

News of the attack surfaced when the attackers posted details of the compromise on the Full Disclosure mailing list, publicly listing the contents of database tables used to store member and employee data, but also a small sample of user logins and password hashes.

MySQL Sun Hacked

Owned by Oracle, MySQL is used by millions of websites to store and deliver information, with some of the most popular online services and platforms including WordPress and Joomla utilising the software.

The attack was achieved using “blind SQL injection”, targeting MySQL.com, MySQL.fr, MySQL.de and MySQL.it, but also two Sun domains.

It appears that the attacks were not due to flaws in the MySQL software itself, but flaws in the implementation of their websites.

Sep 05 2009

mysqloit – SQL Injection Takeover Tool

MySqloit is a SQL Injection takeover tool focused on LAMP (Linux, Apache,MySql,PHP) and WAMP (Linux, Apache,MySql,PHP) platforms. It has the ability to upload and execute metasploit shellcodes through the MySql SQL Injection vulnerabilities.

Attackers performing SQL injection on a MySQL-PHP platform must deal with several limitations and constraints. For example, the lack of multiple statements in one query makes MySQL an unpopular platform for remote code execution, compared to other platforms. This tool is written to demostrate how remote code execution can be performed on a database connector that do not support stack queries.

Platform supported: Linux

Key Features:

  • SQL Injection detection using time based injection method
  • Database fingerprint
  • Web server directory fingerprint
  • Payload creation and execution

Download: MySqloitv0.1

May 13 2009

Pangolin – SQL Injection Tool

Pangolin SQL InjectionPangolin is an automatic SQL injection penetration testing tool developed by NOSEC. Its goal is to detect and take advantage of SQL injection vulnerabilities on web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user’s specific DBMS tables/columns, run his own SQL statement, read specific files on the file system and more.

Database Support:

* Access: Informations (Database Path; Root Path; Drivers); Data
* MSSql: Informations; Data; FileReader; RegReader; FileWriter; Cmd; DirTree
* MySql: Informations; Data; FileReader; FileWriter;
* Oracle: Inforatmions (Version; IP; Database; Accounts); Data;
* Informix: Informatons; Data
* DB2: Informatons; Data; and more;
* Sybase: Informatons; Data; and more;
* PostgreSQL: Informatons; Data; FileReader;
* Sqlite: Informatons; Data

Download Free Edition: Pangolin v2.1.2.924

More Info: Pangolin – Amazing SQL Injection World

Apr 10 2009

GreenSQL – SQL Database Firewall

GreenSQLGreenSQL is an Open Source database firewall used to protect databases from SQL injection attacks. GreenSQL works as a proxy and has built in support for MySQL. The logic is based on evaluation of SQL commands using a risk scoring matrix as well as blocking known db administrative commands (DROP, CREATE, etc). GreenSQL is distributed under the GPL license.

GreenSQL-FW: 1.0.0 Released :
GreenSQL team is ready to present new version of GreenSQL. GreenSQL intercept SQL commands being sent to MySQL, checks them, and then either halts the query or passes it on to MySQL proper. Then it returns the query results to the calling application. Currently only MySQL database is supported. This release includes a new version of firewall and a management application.

This is a major application release geared towards application stability, ease of use, performance increase and elimination of bugs.

This release includes a number of pre-build packages of popular operating systems. Supply packages for CentOS, Fedora, Mandriva, Red Hat, openSUSE, Ubuntu, and Debian.

List of changes:
1. Code optimization.
2. Fixed a number of bugs related to networking connectivity.
3. Extended support for specific MySQL SQL commands.
4. Ease of use.

New management version is numbered 0.5.0
New firewall version is numbered 1.0.0

Home: http://www.greensql.net

Download: http://www.greensql.net/download