CIP Cyber

Log In
Menu
Log In
  • Opinion
  • Product Reviews
  • Industrial Cybersecurity
  • Videos

SQLsus – MySql Injection Tutorial

Table of Contents

SQL injection is the most common and most dangerous web application hacking technique in SQL injection a hacker take advantages of misconfiguration and poor coding of SQL. SQL injection will take an attacker to the important database that might contain credit card information, administrative information and more. There are so many tools are available for SQL injection, you can use w3af, nikto and others to find the sql vulnerability on a web application. Backtrack 5 also contain so many tools like sqlmap.

What Is SQLsus?

sqlsus is an open source MySQL injection and takeover tool, written in perl.
Via a command line interface, you can retrieve the database(s) structure, inject your own SQL queries (even complex ones), download files from the web server, crawl the website for writable directories, upload and control a backdoor, clone the database(s), and much more… 
 
Whenever relevant, sqlsus will mimic a MySQL console output.sqlsus focuses on speed and efficiency, optimising the available injection space, making the best use (I can think of) of MySQL functions. 
 
It uses stacked subqueries and an powerful blind injection algorithm to maximise the data gathered per web server hit. Using multithreading on top of that, sqlsus is an extremely fast database dumper, be it for inband or blind injection. 
 
If the privileges are high enough, sqlsus will be a great help for uploading a backdoor through the injection point, and takeover the web server.
It uses SQLite as a backend, for an easier use of what has been dumped, and integrates a lot of usual features (see below) such as cookie support, socks/http proxying, https.

Download

SQLsus- MySQL injection Tutorial

takeover : MySQL 4, quotes allowed, FILE privilege, inband injection.
inband : MySQL 5, no quotes allowed, inband injection.

blind : MySQL 5, no quotes allowed, blind injection.





Note: If you want to learn more about Linux and Windows based Penetration testing, you might want to subscribe our RSS feed and Email Subscription  or become our Facebook fan! You will get all the latest updates at both the places.
CIP Cyber Staff

CIP Cyber Staff

CIP Cyber Staff comprises CIP cybersecurity experts committed to delivering comprehensive information on critical infrastructure protection. The content covers diverse topics, equipping professionals to defend organizations and communities in an ever-evolving cyber landscape.

Most popular

Opinion

Password Cyberattack: Everything You Need to Know

November 7, 2023

Industrial Cybersecurity

Cybersecurity Awareness Month: Spotlight on ICS/OT Security

September 28, 2023

Opinion

How to Protect IoT Devices in Critical Infrastructure Networks

September 15, 2023

Want always be up to date?

Don't miss the latest news

By subscribing to our mailing list, you will be enrolled to receive our new trainings, latest blog posts, product news, and more.

CIP Training & Certifications

Transform your cybersecurity skills with CIP Cyber’s comprehensive training & course offerings

Choose Training

Related Articles

Want always be up to date?

Don't miss the latest news

By subscribing to our mailing list, you will be enrolled to receive our new trainings, latest blog posts, product news, and more.

CIP Training & Certifications

Transform your cybersecurity skills with CIP Cyber’s comprehensive training & course offerings

Choose Training