Jump to content

BBQSQL - Example Usage - Tip offered


Recommended Posts

Currently working on writing a report on the various SQL injection tools available, trying to work with the tool BBQSQL (https://github.com/Neohapsis/bbqsql)%C2'> for blind injection but I am really struggling to integrate the custom tags the tool uses into an attack statement for table extraction, offing a small tip (10$) if anyone can show me an example of successful usage on one of the various test beds available(or a custom script)

Peace people

Link to comment
Share on other sites

All I can find is the slides of the Defcon 20 presentation they gave and the tool has been dead in the water ever since.

From the looks of it the tool is aimed at making exploiting sql injection, hardly rocket science in my probably not very humble opinion, easier. Seems the world at large agrees with me.

The company they're with doesn't look particularly promising either. They're still hiring but there's no mention at all of the tool they used to reach for the limelight. I get the distinct impression it was a pr stunt, they got called on it, proved it wasn't the silver bullet they claimed and they're now in the slow, painful process of being forgotten.

I'm guessing the tool was poc code at best and unless you know both Python and an existing sql injection vulnerability out there to point this naughty boy at, to not bother.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...