The Hacker News Logo
Subscribe to Newsletter

The Mole v0.3 Released : Automatic SQL Injection Exploitation Tool

The Mole v0.3 Released : Automatic SQL Injection Exploitation Tool

Nasel has just released the new version of The Mole, an automatic SQL Injection exploitation tool. Only by providing a vulnerable URL and a valid string on the site it can detect the injection and exploit it, either by using the union technique or a boolean query based technique.

This release has introduced new features compared with the previous one, among these you can find that The Mole is now able to exploit injections thourgh cookie parameters. A new promising feature is that now you can exploit injections that return binary data, to achieve this the mole uses uses HEAD requests and analyzes the headers received (the size of the binary to download usually differs when the query was successful or not) and does not need to download the full binary data.

In this release there has been a major change in the The Mole's architecture, and now allows to easily insert filters in order to bypass IPS/IDS rules or modify the query on runtime. You can see a tutorial on how to write these filters in the tutorial section of the tool's site.

Feature:
  • Support for injections using Mysql, SQL Server, Postgres and Oracle databases.
  • Command line interface. Different commands trigger different actions.
  • Auto-completion for commands, command arguments and database, table and columns names.
  • Support for filters, in order to bypass certain IPS/IDS rules using generic filters, and the possibility of creating new ones easily.
  • Exploits SQL Injections through GET/POST/Cookie parameters.
  • Developed in python 3.
  • Exploits SQL Injections that return binary data.
  • Powerful command interpreter to simplify its usage.
Tutorial link: Tutorial

Submitted by: Santiago Alessandri

Have something to say about this article? Comment below or share it with us on Facebook, Twitter or our LinkedIn Group.
SHARE
Comments
Latest Stories
Best Deals

Newsletter — Subscribe for Free

Join over 500,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.