Friday, December 2, 2011

The Mole - New SQL injection tool+tutorial




The Mole is an automatic SQL Injection exploitation tool. Only by providing a vulnerable URL and a valid string on the site it can detect the injection and exploit it, either by using the union technique or a boolean query based technique.



Features 


Support for injections using Mysql, SQL Server, Postgres and Oracle databases.

Command line interface. Different commands trigger different actions.

Auto-completion for commands, command arguments and database, table and columns names.

Support for query filters, in order to bypass certain IPS/IDS rules using generic filters, and the possibility of creating new ones easily.

Developed in python 3.

Download tutorial

Download Mole for Winodws

Download Mole for Linux


11 comments:

  1. I don't understand why when I run this program it is opened in CMD, but when i see a screenshot of the program like in the tut. it is in a own box with a tool-line with featues like "File" etc.

    How do I get that.

    In the vid where an anon uses the #refref he also has some kind of similar GUI.

    ReplyDelete
  2. Want to prove me with some URL's / websites that you know have SQL vulnerabilities?

    ReplyDelete
  3. @prayanthem : you can check my previous posts on sql injection vulnerable websites...you can also check my post on sql injection with Havij in which I have demonstrated the use of tool on a vulnerable website.

    ReplyDelete
  4. I ment provide* lol :D

    Anyways, I can't find any sites with vulnerabilities with the ' behind the URL, any other way, I didn't quite understand all you wrote on the other posts.

    ReplyDelete
  5. There is complete list of finding SQL vulnerabilities in website...visit this link...http://hackingalert.blogspot.com/2011/10/basic-sql-injection-tutorial-readers.html ...
    Apart from this and using tool, there is no other way to figure out if a site is vulnerable to sqli or not... I do have some websites vulnerable to sqli but I cant share it in public here...You can find a tutorial on my blog about vulnerability in celebrity websites. On of them is vulnerable to sqli...its upto you to find now.

    ReplyDelete
  6. I am not a programmer but I have this SQL subject this session and have to prepare for it. What all topics should be covered in it?
    And has anyone studied from this course www.wiziq.com/course/125-comprehensive-introduction-to-sql of SQL tutorial online?? or tell me any other guidance...
    would really appreciate help

    ReplyDelete
  7. Fantastic article ! You havemade some very astute statements and I appreciate the the effort you have put into your writing. Its clear that you know what you are writing about. I am excited to read more of your sites content.

    http://www.sqlservermasters.com/

    ReplyDelete
  8. .you must got a real facebook hacker hear

    http://hackxfbx.blogspot.in/

    OR

    do u wand a real facebook hacker pls click hear

    hack your friend fb account software free download

    ReplyDelete