mirror of
https://github.com/Ponce/slackbuilds
synced 2024-11-24 10:02:29 +01:00
10f363f274
Signed-off-by: Erik Hanson <erik@slackbuilds.org> |
||
---|---|---|
.. | ||
doinst.sh | ||
README | ||
slack-desc | ||
sqlninja.info | ||
sqlninja.patch | ||
sqlninja.SlackBuild |
Sqlninja is a tool targeted to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide a remote access on the vulnerable DB server, even in a very hostile environment. It should be used by penetration testers to help automate the process of taking over a DB Server when a SQL Injection vulnerability has been discovered. Since version 0.2.5, sqlninja will upload .exe files by default instead of .scr ones. If you want to upload .scr files instead, the original sqlninja files are distributed inside /usr/lib$LIBDIRSUFFIX/sqlninja/scripts/ . Raul Siles' patch for better Metasploit Framework interaction has been discontinued since it was released for an old version of sqlninja only. The patch added two new timers ($client_delay (30 secs) and $server_delay (5 secs)) to use within sqlninja. Since it could be still somehow handy it has been included in the package documentation directory. This requires perl-Net-DNS, perl-Net-Pcap, perl-IO-Socket-SSL, Net-SSLeay, perl-NetPacket, and perl-Net-RawIP.