There is a tool available for your hacker toolkit called Sqlninja. Sqlninja is written in Perl and should run on any UNIX-based platform with a Perl interpreter, as long as all needed modules have been installed. So far it has been successfully tested on:
- Mac OS X
Sqlninja does not run on Windows, and its developers are not planning a port in the near future.
Sqlninja’s behaviour is controlled via the configuration file (default: sqlninja.conf), which tells sqlninja what to attack and how (target host, vulnerable page, exploit strings, …), and some command line options, which tell sqlninja what action to perform. These command line options are the following:
- -m <attack mode> : specifies the attack mode. Basically, tells sqlninja what to do. Possible values are:
- -v : verbose output
- -f <configuration file> : specifies a configuration file to use.
- -p <‘sa’ password> : used in escalation mode to add the current DB user to the sysadmin group, and in other modes to run the query as administrator if the DB user does not belong to that group. This option is rarely used, as bruteforce mode by default adds the DB user to the sysadmin group when the ‘sa’ password is found. For more information about when to use this parameter, refer to the escalation mode
- -w <wordlist> : wordlist to use in bruteforce mode
- -g : combined with upload mode, generate debug script and exit
- -d <debug mode> : activates debug, to see what is going on under the hood. Possible values are:
  - 1 : print each SQL command that is being injected
  - 2 : print each HTTP request that is sent to the target
  - 3 : print each HTTP response that is received from the target
  - all : all of the above
You can get more information here.