Fugitif
21.11.2007, 00:43
Exploiter is a tool that demonstrates how SQL Injection vulnerabilities in a Web Application can be exploited to retrieve database information such as usernames, passwords, credit card numbers etc.
# Exploiter is capable of using a single SQL Injection (SQLi) vulnerability to extract an entire database.
# Exploiter does not find SQL Injection vulnerabilities. You need to use a tool such as Watchfire AppScan for that.
# Supported databases:
1. SQL Server
2. MS Access
3. Oracle
Supports 3 methods of exploit:
1. Using SQL Convert
2. Using SQL Union
3. Blind SQL Injection
# Supports SSL and multi threading.
# Can run as standalone, or as an eXtension of AppScan. As an eXtension, it will automatically load all SQLi requests from AppScan.
# Performs brute force search if it fails to extract table or column names; this is mainly used for MS Access.
Video Demonstration:
http://download.watchfire.com/ExploiterDemo/index.htm
Download: Exploiter Extension
http://axf.watchfire.com/extensions/Exploiter-1.0-Bin.zip
Edit:
More Info From Home Page :
http://axf.watchfire.com/extensions/exploiter.aspx
# Exploiter is capable of using a single SQL Injection (SQLi) vulnerability to extract an entire database.
# Exploiter does not find SQL Injection vulnerabilities. You need to use a tool such as Watchfire AppScan for that.
# Supported databases:
1. SQL Server
2. MS Access
3. Oracle
Supports 3 methods of exploit:
1. Using SQL Convert
2. Using SQL Union
3. Blind SQL Injection
# Supports SSL and multi threading.
# Can run as standalone, or as an eXtension of AppScan. As an eXtension, it will automatically load all SQLi requests from AppScan.
# Performs brute force search if it fails to extract table or column names; this is mainly used for MS Access.
Video Demonstration:
http://download.watchfire.com/ExploiterDemo/index.htm
Download: Exploiter Extension
http://axf.watchfire.com/extensions/Exploiter-1.0-Bin.zip
Edit:
More Info From Home Page :
http://axf.watchfire.com/extensions/exploiter.aspx