Pentesting with the SQLi Dumper v8 Tool

August 23, 2016 | Views: 50090

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATIONAlready a Member Login Here

SQLi Dumper v8 is an excellent, advanced, automatic SQL injection tool for testing links that may contain SQL injection problems in Windows.

Download link: https://userscloud.com/gn4q6dozavla

A good  tutorial by the Anon Angel team: http://anonangelteam.blogspot.co.uk/2015/04/how-to-use-sqli-dumper-v80-powerful.html

 

This tool is more powerful than the famous Havij SQL injection and has many features including:

-Supports Multi. Online search engine (to find the trajects);
-Automated exploiting and analyzing from a URL list;
-Automated search for data in a bulk URL list;
-Automated analyzer for injections points using URL, POST, Cookies, UserLogin or UserPassword;
-Dumper supports dumping data with multi-threading (databases/tables/columns/fetching data);
-Exploiter supports up to 100x threads;
-Analyzer and Dumper supports up to 50x threads;
-Advanced WAF bypass methods;
-Advanced custom query box;
-Dumper can dump large amounts of data, with greats control of delay each request (multi-threading);
-Easy switch vulnerabilities to vulnerabilities;
-Supports proxies list;
-GeoIP database;
-Internal database;
-Trash System;
-Admin login finder;
-Hash online cracker;
-Reverse IP;
-Standalone .exe (no install).

 

The SQL Injection Methods that are supported include:

– MySQL
– Union (Integer / String)
– Error (Integer / String)
** Error Methods:
– Double Query
– XPATH – ExtractValue
– XPATH – UpdateXML
– Brute Forcing
– Blind
– Load File
– Load File Scanner
** Illegal Mix Of Collations:
– UnHexHex()
– Binary()
– Cast As Char
– Compress(Uncompress())
– Convert Using utf8
– Convert Using latin1
– Aes_decrypt(aes_encrypt())
– MS SQL
– Union (Integer / String)
– Error (Integer / String)
** Illegal Mix Of Collations:
– SQL_Latin1;
– Cast As Char.
– Oracle
– Union (Integer / String)
– Error (Integer / String)
** Error Methods:
– GET_HOST_ADDRESS
– DRITHSX.SN
– GET;APPINGXPATH.
** Illegal Mix Of Collations:
– Cast As Char.
** Suports TOP N Types:
– ROWUM
– RANK()
– DESE_RANK()
** Analizer detects also:
– MS Access
– PostgredSQL
– Sybase

 

I wanted to use its dork scanner feature for a specific website, not a random search. But, how?

Use this dork in a dork scanner:

.aspx? & site:samplesite.com
.php?  & site:samplesite.com
.asp?  & site:samplesite.com
.pl?   & site:samplesite.com
.jsp?  & site:samplesite.com

And, it simply fetches the links and automatically scans for SQL injection in those links.

Share with Friends
FacebookTwitterLinkedInEmail
Use Cybytes and
Tip the Author!
Join
Share with Friends
FacebookTwitterLinkedInEmail
Ready to share your knowledge and expertise?
11 Comments
  1. man u are a idiot,this tool is full of trojan thank to u. im forgetting sqli dumper that you uesd had 29 different virus 🙂 enjoy

  2. Actually it takes me somewhere different each time. Last 2 times it tried to install Chrome extensions.

  3. When I click the download from my Mac it downloads FlashPlayer.dmg. Why would I need that to download this tool. I know FlashPlayer commonly faked.

  4. better to run this in VMW/SandBoxie

Page 2 of 2«12
Comment on This

You must be logged in to post a comment.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Support Cybrary

Donate Here to Get This Month's Donor Badge

 

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel