How To SQL Inject: Havij Has An Update!

Other than the top shelf SQL injection tool SQLMap I have found Havij to be very effective in exploiting SQL injection vulnerabilities.

Imagine a hacker stealing all the data in your database and you not finding out for days, weeks, or months? This is the counterbalance, the counter weight to make sure that your database[s] are firmly protected. This tool takes you into the trenches, where cyber bullets fly and hacks abound. It will tell you if you are susceptible to exploits. Be sure to also use SQLMap as it is very comprehensive and does more than look for mortar shells and Glock bullets; it looks for the snipers.

Havij recently release an update, version 1.17, which provides the following additional functionality and bug fixes:

Version 1.17 2012/12/02
• ‘Injection’ tab added to the ‘Settings’ view.
• ‘Non-existent injection value’ now can be changed by user (default value is 999999.9).
• ‘Comment mark’ can be changed by user (default value is –).
• Disabling/enabling the log.
• ‘Advanced Evasion’ tab added to the ‘Settings’ view.
• Random signature generator added.
• New ability to save data as CSV.
• Dump all feature added.
• New bypass method for MySQL using parentheses.
• Write file added for MySQL and MySQL.
• Load HTML form inputs added.
• Bugfix: adding manual database in tables tree view.
• Bugfix: finding string column in PostgreSQL.
• Bugfix: MS Access blind string type data extraction.
• Bugfix: MSSQL blind auto detection when the MSSQL error-based method failed.
• Bugfix: all database blind methods failed on retry.
• Bugfix: guessing columns/tables in MySQL time-based injection method.
• Bugfix: crashing when dumping into file.
• Bugfix: loading project injection type (Integer or String).
• Bugfix: HTTPS multi-threading bug.
• Bugfix: command execution in MSSQL 2005

I have used this tool to draw/remove data from many databases. It is a tool worth checking out!

Jock

Jock Pereira | jockpereira.com | jockster@gmail.com | 978-666-4000

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s