最近在找Linux下的Sql注入软件,以前只用过Sqlmap,今天尝试了一下Sqlninja,这款软件的简介:
Sqlninja’s goal is to exploit SQL injection vulnerabilities on web applications that use Microsoft SQL Server as back end. It is released under the GPLv2.
There are a lot of other SQL injection tools out there but sqlninja, instead of extracting the data, focuses on getting an interactive shell on the remote DB server and using it as a foothold in the target network. In a nutshell, here’s what it does:
阅读全文
