sqlsus v0.7.2 Released
sqlsus is an open source MySQL injection and takeover tool, written in perl.
Via a command line interface, you can retrieve the database(s) structure, inject your own SQL queries (even complex ones), download files from the web server, crawl the website for writable directories, upload and control a backdoor, clone the database(s), and much more.
Changelog v0.7.2
- Fixed a bug in the progress display where the number of items to be fetched was incorrectly reported in inband with LIMIT x,y clauses (e.g. resuming a “clone” command).
- Fixed the display of “autoconf max_sendable” so that it won’t show on multiple lines on terminals wrapping at 80 chars.
- Fixed the cutting queries regex which was misbehaving when the last column of a table was named after a SQL SELECT end keyword.
- On inband mode, sqlsus now discards MySQL errors in the HTML if it finds the expected results anyway.
- Setting variable “proxy” to an erroneous value will throw an error and unload the proxy settings.
Download sqlsus v0.7.2