This Perl script extracts data through blind SQL injection. It accepts custom SQL queries as a command-line parameter and works for both integer- and string-based injections.
Databases supported:
- MS-SQL
- MySQL
- PostgreSQL
- Oracle
The 6 Attack Models
- Type 0: Blind SQL injection based on true and false conditions returned by the back-end server
- Type 1: Blind SQL injection based on true and error (e.g. syntax error) conditions returned by the back-end server
- Type 2: Blind SQL injection in “order by” and “group by”
- Type 3: Extracting data with SYS privileges (Oracle dbms_export_extension exploit)
- Type 4: OS code execution (Oracle dbms_export_extension exploit)
- Type 5: Reading files (Oracle dbms_export_extension exploit, based on Java)
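For the application side of Types 0 to 2, the following added example (not part of bsqlbf or of the original page) sets a concatenated integer lookup beside hardened forms for integer, string and "order by" inputs, and checks whether a true/false pair of inputs still changes the response. The `items` table, the function names and the use of SQLite as a stand-in for the databases listed above are assumptions made for the example.

```python
import sqlite3

SORTABLE = {"id", "name"}  # allow-list: column names cannot be bound as parameters

def make_db():
    """Constructed sample data, held in memory (assumed schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO items VALUES (?, ?)", [(1, "alpha"), (2, "beta")])
    return db

def vulnerable_lookup(db, item_id):
    # 'Before' form: integer input concatenated into the statement.
    return db.execute("SELECT name FROM items WHERE id = " + item_id).fetchall()

def safe_lookup(db, item_id):
    # Integer input: validate the type, then bind the value.
    if not (item_id.isascii() and item_id.isdigit()):
        raise ValueError("id must be a decimal integer")
    return db.execute("SELECT name FROM items WHERE id = ?", (int(item_id),)).fetchall()

def safe_search(db, name):
    # String input: bound, so quotes inside it stay data.
    return db.execute("SELECT id FROM items WHERE name = ?", (name,)).fetchall()

def safe_sorted(db, column):
    # ORDER BY target: only names from the allow-list reach the statement.
    if column not in SORTABLE:
        raise ValueError("unsupported sort column")
    return db.execute(f"SELECT id, name FROM items ORDER BY {column}").fetchall()

def leaks_condition(query, db, true_probe, false_probe):
    """True if the two probes produce different responses (a usable oracle)."""
    def response(value):
        try:
            return query(db, value)
        except ValueError:
            return "rejected"
    return response(true_probe) != response(false_probe)

if __name__ == "__main__":
    db = make_db()
    print("concatenated:", leaks_condition(vulnerable_lookup, db, "1 AND 1=1", "1 AND 1=2"))
    print("hardened:    ", leaks_condition(safe_lookup, db, "1 AND 1=1", "1 AND 1=2"))
```

A check like `leaks_condition` can run as a regression test against each query helper, so a handler that goes back to string concatenation fails the build.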
New additions
-type: Type of injection:
    3: Type 3 is extracting data with DBA privileges
       (e.g. Oracle password hashes from sys.user$)
    4: Type 4 is O.S code execution(default: ping 127.0.0.1)
    5: Type 5 is Reading O.S files(default: c:\boot.ini)
Type 4 (O.S code execution) supports the following sub types:
-stype: How you want to execute command:
    0: SType 0 (default) is based on java,
       universal but won’t work against XE
    1: SType 1 against oracle 9 with plsql_native_make_utility
    2: SType 2 against oracle 10 with dbms_scheduler
You can download bsqlbf v2.3 here:
Or read more here.