SqlInjector, originally called BlindSQLInjector, is an application for performing completely blind SQL injection; it currently supports only MS SQL Server. It uses time-based inference to determine true or false conditions and extract data. Its key feature is a binary search mechanism that reduces the character search space, so each character value can be recovered within 7 to 8 requests.
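
For defenders, the traffic this technique produces has a recognizable timing shape: one client sends many requests to one endpoint, and the response times fall into two groups separated by a constant delay. The detector below is an added example, not part of SqlInjector or the original page; the log format, addresses, and thresholds are assumptions, and the sample data is constructed.

```python
from collections import defaultdict
from statistics import median

def build_sample():
    """Constructed log lines in an assumed format: 'client path time_taken_ms'."""
    probing = [42, 5038, 5051, 39, 5044, 41, 40, 5047] * 2   # fast/slow answers
    normal = [35, 48, 52, 41, 60, 38, 44, 2900, 47, 39, 55, 43, 50, 36, 42, 46]
    lines = [f"203.0.113.7 /item.aspx {ms}" for ms in probing]
    lines += [f"198.51.100.9 /item.aspx {ms}" for ms in normal]
    return "\n".join(lines)

def parse(log):
    """Group response times by (client, path)."""
    groups = defaultdict(list)
    for line in log.strip().splitlines():
        client, path, ms = line.split()
        groups[(client, path)].append(int(ms))
    return groups

def bimodal_split(times, min_gap_ms):
    """Split sorted times at their largest gap; None if the gap is too small."""
    s = sorted(times)
    gap, i = max((s[k + 1] - s[k], k) for k in range(len(s) - 1))
    return (s[:i + 1], s[i + 1:]) if gap >= min_gap_ms else None

def suspects(log, min_requests=14, min_gap_ms=1000, min_share=0.2, max_spread_ms=500):
    """Return {(client, path): inferred_delay_ms} for time-inference-like traffic.

    Thresholds are assumptions: 14 requests is two characters at 7 requests each.
    """
    findings = {}
    for key, times in parse(log).items():
        if len(times) < min_requests:
            continue
        split = bimodal_split(times, min_gap_ms)
        if split is None:
            continue
        fast, slow = split
        # Both answers (true and false) must occur often; a lone slow page is noise.
        if min(len(fast), len(slow)) < min_share * len(times):
            continue
        # An injected wait is constant, so the slow group is tight.
        if slow[-1] - slow[0] > max_spread_ms:
            continue
        findings[key] = round(median(slow) - median(fast))
    return findings

if __name__ == "__main__":
    print(suspects(build_sample()))
```

The inferred delay matters because the tool's wait timing is configurable, so a fixed latency threshold would miss runs that use a different wait.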

Its features are:
  • Ability to export data
  • Binary search for faster character identification
  • Completely blind injection using time-based inference
  • True/False inference
  • Supports MS SQL Server
  • Extracts database name
  • Extracts current user
  • Extracts server version
  • Extracts table names
  • Extracts column names
  • Extracts column data types
  • Extracts column lengths
  • Configurable space encoding
  • Configurable wait timing
  • Tree view display of enumerated data
  • Resume support
  • Save/Loading of project files
  • Proxy support
  • Authentication support (Basic, Negotiate, Digest, NTLM, X509)
Download SqlInjector v1.0.2 (SqlInjector.v.1.0.2.zip) here.
