GoldenSunKing Posted March 30, 2014
Currently working on writing a report on the various SQL injection tools available, trying to work with the tool BBQSQL (https://github.com/Neohapsis/bbqsql) for blind injection, but I am really struggling to integrate the custom tags the tool uses into an attack statement for table extraction. Offering a small tip (10$) if anyone can show me an example of successful usage on one of the various test beds available (or a custom script). Peace people

cooper Posted March 30, 2014
All I can find is the slides of the Defcon 20 presentation they gave, and the tool has been dead in the water ever since. From the looks of it the tool is aimed at making exploiting SQL injection, hardly rocket science in my probably not very humble opinion, easier. Seems the world at large agrees with me. The company they're with doesn't look particularly promising either. They're still hiring but there's no mention at all of the tool they used to reach for the limelight. I get the distinct impression it was a PR stunt, they got called on it, proved it wasn't the silver bullet they claimed and they're now in the slow, painful process of being forgotten. I'm guessing the tool was PoC code at best and unless you know both Python and an existing SQL injection vulnerability out there to point this naughty boy at, to not bother.