MiniMysqlat0r

Phase(s):

Primary: Discovery.
Secondary: Exploitation.

Description:

Tool that helps identify SQL Injection vulnerabilities in web applications that use MySQL databases.

Objective:

  • Detect SQL Injection vulnerabilities focused on MySQL databases.
  • Gather the web application URLs.
  • Exploit the identified vulnerabilities.

Features:

Supported technologies: Web applications (HTTP/HTTPS) with a MySQL database backend (versions prior to 5.0).

Operative mode: Active.

Detect SQL Injection vulnerabilities focused on MySQL databases.

  • Provides information about the exploited vulnerability such as: table names, column names, etc.

Gather the web application URLs.

  • Provides a list of URLs and parameters from spidering the web application.

Exploit the identified vulnerabilities.

  • Provides several exploitation cases (payloads).

Reports:

Output reports: X

  • Results are only present in the GUI, so they must be copied manually.

Basic usage:

Perform a basic scan and exploitation of a SQL Injection vulnerability. Start the tool and, on the “Crawler” tab, provide the URL of the web application to be scanned and press the “Start Crawling” button.

The tool will create a tree-diagram site map from the web application URLs.

In the “Sql Injection finder” tab, select the URL to be included in the scan for SQL Injection vulnerabilities and then press the “Test parameters for Sql Injection” button to begin the scan. Once completed, the tool will display the message “Finished” on the lower bar.

In the “Sql exploiter”, the tool loads the detected URL and parameters; provide the required data and press the “Exploit!..” button.

Finally, the results will be displayed.

Resources:

Link: http://www.scrt.ch/en/attack/downloads/mini-mysqlat0r.
Author(s): SCRT Information Security.
Contact: info [at] scrt.ch.
License: GPL.