Date: 8 Dec 2004 18:01:00 +0200
From: SecuriTeam <support@securiteam.com.>
To: [email protected]Subject: [TOOL] Absinthe - Blind SQL Injection Tool
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
Absinthe - Blind SQL Injection Tool
------------------------------------------------------------------------
SUMMARY
DETAILS
Absinthe is a GUI-based (GTK-Sharp) tool that automates the process of
downloading the schema & contents of a database that is vulnerable to
Blind SQL Injection.
It works by profiling response pages as true or false from known cases,
then moves on to identify unknowns as true or false. It was initially
presented at BlackHat USA 2004 and Defcon 12 (under the name "SQueaL").
The name has changed, and it is now open source.
Absinthe does not aid in the discovery of SQL Injection holes. This tool
will only speed up the process of data recovery.
Features:
* Automated SQL Injection
* Supports MS SQL Server, MSDE, Oracle, Postgres
* Cookies / Additional HTTP Headers
* Query Termination
* Additional text appended to queries
* Supports Use of Proxies / Proxy Rotation
* Multiple filters for page profiling
* Custom Delimiters
Download Information:
The tool can be downloaded from:
<http://www.0x90.org/releases/absinthe/Absinthe-1.1.tar.gz>;
http://www.0x90.org/releases/absinthe/Absinthe-1.1.tar.gz
ADDITIONAL INFORMATION
To keep updated with the tool visit the project's homepage at:
<http://www.0x90.org/releases/absinthe/>;
http://www.0x90.org/releases/absinthe/
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: [email protected]
In order to subscribe to the mailing list, simply forward this email to: [email protected]
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
