Manual SQL injection is best, but sometimes we need to use a tool. When a URL vulnerable to SQL injection does not show an error message and we identify it as a blind SQL injection vulnerability, we use such a tool. There are many tools available on the internet.
One of the best tools for blind SQL injection is BSQLBF, short for Blind SQL Injection Brute Forcer.
Supported databases:
- MS-SQL
- MySQL
- PostgreSQL
- Oracle
It supports 8 kinds of attack:
- back-end server to true & error (e.g. syntax error) >>> Blind SQL Injection
- Blind SQL Injection “order by” & “group by”
- SYS privileges (ORACLE dbms_export_extension exploit) >>> Find Data
- O.S code execution (ORACLE dbms_export_extension exploit)
- Read file (ORACLE dbms_export_extension exploit, java)
- O.S code execution DBMS_REPCAT_RPC.VALIDATE_REMOTE_RC exploit
- O.S code execution SYS.KUPP$PROC.CREATE_MASTER_PROCESS(), DBA Privs
- O.S code execution DBMS_JAVA_TEST.FUNCALL, java IO Permissions
Download BSQLBF