[Full-disclosure] [tool] sqlsus 0.3 released !
sativouf at gmail.com
Mon Apr 6 01:10:47 BST 2009
A new version of sqlsus has been released and is available at

You will find on the website a description of the features, along with
some documentation and flash demos showing how the tool can be used.

sqlsus is a MySQL injection and takeover tool, written in Perl.
Via a command line interface that mimics a mysql console, you can
retrieve the database structure / contents, inject a SQL query,
download files from the web server, upload and control a backdoor, and

It is designed to maximize the amount of data gathered per web server
hit, making the best use (I can think of) of MySQL functions to
optimize the available injection space.

sqlsus is focused on PHP/MySQL installations, and integrates some neat
features, some of which are really specific to this DBMS.

- Full SQLite backend, storing queries / results as they come,
  databases structure, variables... into a local SQLite database.
- Added "clone" command to clone some columns, a table, or the full
  database into a local SQLite database.
- "clone" has a resume ability, allowing to continue across sessions.
- Rewrite of the blind injection engine (A LOT faster now):
  - keep all the threads busy with micro tasks (huge speed improvement)
  - regular expression matching for each item, prior to bruteforcing
    (huge drop in the number of hits required)
  - progress meter
- Added cookie support.
- Possibility to change the current database ("use xxxx"), and still
  be able to use all the commands transparently
- Better query shortening, allowing even more data to be fetched per server hit.
- Got rid of IPC::Shareable, using socketpair() instead.
- Use of BINARY for inband injections, to avoid collation issues.
- Inband injection is now only contained in subqueries, to allow more
  complex SQL injection scenarios.

The full CHANGELOG can be found in the tarball or at
Download and enjoy :)
Full-Disclosure is hosted and sponsored by Secunia.