blob: b891811c076c0f9cf617830db13d5757f3e2485b (plain
Sqlninja is a tool targeted to exploit SQL Injection vulnerabilities on a web
application that uses Microsoft SQL Server as its back-end. Its main goal is
to provide a remote access on the vulnerable DB server, even in a very hostile
environment. It should be used by penetration testers to help automate the
process of taking over a DB Server when a SQL Injection vulnerability has been
Since version 0.2.5, sqlninja will upload .exe files by default instead of
.scr ones. If you want to upload .scr files instead, the original sqlninja
files are distributed inside /usr/lib$LIBDIRSUFFIX/sqlninja/scripts/ .
Raul Siles' patch for better Metasploit Framework interaction has been
discontinued since it was released for an old version of sqlninja only. The
patch added two new timers ($client_delay (30 secs) and $server_delay (5
secs)) to use within sqlninja. Since it could be still somehow handy it has
been included in the package documentation directory.
This requires perl-Net-DNS, perl-Net-Pcap, perl-IO-Socket-SSL, Net-SSLeay,
perl-NetPacket, and perl-Net-RawIP.