17 lines
973 B
Plaintext
17 lines
973 B
Plaintext
Sqlninja is a tool targeted to exploit SQL Injection vulnerabilities on a web
|
|
application that uses Microsoft SQL Server as its back-end. Its main goal is
|
|
to provide a remote access on the vulnerable DB server, even in a very hostile
|
|
environment. It should be used by penetration testers to help automate the
|
|
process of taking over a DB Server when a SQL Injection vulnerability has been
|
|
discovered.
|
|
|
|
Since version 0.2.5, sqlninja will upload .exe files by default instead of
|
|
.scr ones. If you want to upload .scr files instead, the original sqlninja
|
|
files are distributed inside /usr/lib$LIBDIRSUFFIX/sqlninja/scripts/ .
|
|
|
|
Raul Siles' patch for better Metasploit Framework interaction has been
|
|
discontinued since it was released for an old version of sqlninja only. The
|
|
patch added two new timers ($client_delay (30 secs) and $server_delay (5
|
|
secs)) to use within sqlninja. Since it could be still somehow handy it has
|
|
been included in the package documentation directory.
|