Introducing the SQL Injection Vulnerability:
SQL injection attacks are also known as SQL insertion attacks.
They take the form of executing queries in the database to gain access to information (SQL version, number and names of tables and columns, some authentication information, etc.).
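The root cause described above, shown from the defender's side as an added example (not code from the original post or from Marathon Tool): a lookup built by string concatenation beside the same lookup with a bound parameter. The in-memory SQLite database, the `users` table, its rows and the function names are assumptions made for the demonstration.

```python
import sqlite3


def make_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO users (name) VALUES (?)", [("alice",), ("bob",)])
    return db


def lookup_concatenated(db, name):
    # Vulnerable form: the input becomes part of the SQL text, so any quote
    # character in it changes the structure of the statement.
    query = "SELECT name FROM users WHERE name = '" + name + "' ORDER BY id"
    return [row[0] for row in db.execute(query)]


def lookup_parameterized(db, name):
    # Hardened form: the input is bound as a value and is never parsed as SQL.
    query = "SELECT name FROM users WHERE name = ? ORDER BY id"
    return [row[0] for row in db.execute(query, (name,))]


def compare(db, inputs):
    """Return, per input, the rows each form yields and whether they differ."""
    report = {}
    for value in inputs:
        try:
            unsafe = lookup_concatenated(db, value)
        except sqlite3.Error as exc:
            # A stray quote breaks the concatenated statement outright.
            unsafe = "error: " + type(exc).__name__
        safe = lookup_parameterized(db, value)
        report[value] = {"concatenated": unsafe, "parameterized": safe,
                         "differs": unsafe != safe}
    return report


if __name__ == "__main__":
    db = make_db()
    # Constructed inputs: a normal name, a name with a quote, a tautology.
    for value, result in compare(db, ["alice", "o'brien", "x' OR '1'='1"]).items():
        print(repr(value), result)
```

Any input for which the two forms disagree marks a place where user data is being interpreted as SQL; the parameterized form returns only rows whose name literally equals the input.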


Project Description
Marathon Tool is a POC for using heavy queries to perform a Time-Based Blind SQL Injection attack. This tool is still a work in progress, but it is currently a very good alpha version for extracting information from web applications that use Microsoft SQL Server, Microsoft Access, MySQL or Oracle databases.

Supported application features:

  • Database Schema extraction from SQL Server, Oracle and MySQL
  • Data extraction from Microsoft Access 97/2000/2003/2007 databases
  • Parameter Injection using HTTP GET or POST
  • SSL support
  • HTTP proxy connection available
  • Authentication methods: Anonymous, Basic, Digest and NTLM
  • Variable and value insertion in cookies (does not support dynamic values)
  • Available and flexible configuration for injections
  • Configurable Log

Reference Links

Configuration Section