لسلام عليكم ورحمة الله وبركآإتـة ..~
بعد بحث طويل عن مثل هذه الادوات وجدت هذه الاداة الجميلة التي تبحث عن المواقع المصابة
لذلك قررت وضعها هنا
تعال نشوف البرنامج استغلال الثغرات
SQL Power Injector 1.2
هاذي هي بعض مواصفاته
Features:
Supported on Windows, Unix and Linux operating systems
SQL Server, Oracle, MySQL, Sybase/Adaptive Server and DB2 compliant
SSL support
* Load automatically the parameters from a form or a ****** on a *** page (GET or POST)
Detect and browse the framesets
Option that auto detects the ******** of the *** site
Detect and add ******s used during the Load Page process (Set-****** detection)
Find automatically the submit page(s) with its method (GET or POST) displayed in a different color
Can create/modify/delete loaded string and ******s parameters directly in the Datagrids
Single SQL injection
Blind SQL injection
o Comparison of true and false response of the page or results in the ******
o Time delay
Response of the SQL injection in a customized browser
Can view the HTML code source of the returned page in HTML con****ual colors and search in it
Fine tuning parameters and ******s injection
Can parameterize the size of the length and count of the expected result to optimize the time taken by the application to execute the SQL injection
Create/edit ASCII characters preset in order to optimize the blind SQL injection number of requests/speed
Multithreading (configurable up to 50)
Option to replace space by empty comments /**/ against IDS or filter detection
Automatically encode special characters before sending them
Automatically detect predefined SQL errors in the response page
Automatically detect a predefined word or sentence in the response page
Real time result
Save and load sessions in a XML file
Feature that automatically finds the differences between the response page of a positive answer with a negative one
Can create a range list that will replace the variable (<<@>>) inside a blind SQL injection string and automatically play them for you
Automatic replaying a variable range with a predefined list from a **** file
Firefox plugin that will launch SQL Power Injector with all the information of the current ***page with its session con**** (parameters and ******s)
Two integrated tools: Hex and Char encoder and MS SQL @options interpreter
Can edit the Referer
Can choose a User-Agent (or even create one in the User-Agent XML file)
Can configure the application with the settings window
Support configurable proxies
