slackbuilds/network/sqlninja
Andrew Clemons 1ed9ef396d
network/sqlninja: Removed dep perl-IO-Socket-SSL.
Signed-off-by: Andrew Clemons <andrew.clemons@gmail.com>

Signed-off-by: Willy Sudiarto Raharjo <willysr@slackbuilds.org>
2022-02-14 08:06:57 +07:00
..
README
doinst.sh
slack-desc
sqlninja.SlackBuild All: Support $PRINT_PACKAGE_NAME env var 2021-07-17 21:55:09 +02:00
sqlninja.info network/sqlninja: Removed dep perl-IO-Socket-SSL. 2022-02-14 08:06:57 +07:00
sqlninja.patch

README

Sqlninja is a tool targeted to exploit SQL Injection vulnerabilities on a web
application that uses Microsoft SQL Server as its back-end. Its main goal is
to provide a remote access on the vulnerable DB server, even in a very hostile
environment. It should be used by penetration testers to help automate the
process of taking over a DB Server when a SQL Injection vulnerability has been
discovered.

Since version 0.2.5, sqlninja will upload .exe files by default instead of
.scr ones. If you want to upload .scr files instead, the original sqlninja
files are distributed inside /usr/lib$LIBDIRSUFFIX/sqlninja/scripts/ .

Raul Siles' patch for better Metasploit Framework interaction has been
discontinued since it was released for an old version of sqlninja only. The
patch added two new timers ($client_delay (30 secs) and $server_delay (5
secs)) to use within sqlninja. Since it could be still somehow handy it has
been included in the package documentation directory.