SQL injection is the biggest threat for database, website administrator must consider this threat and they must check their website for this vulnerability, penetration testing on a web application requires some automation so the automatic tools are the great choice.
As discussed so many different automatic tools for doing a penetration testing on web application this time we’ll consider SQL power Injector.
SQL Power Injector is an application created in .Net 1.1 that helps the penetration tester to find and exploit SQL injections on a web page.
For now it is SQL Server, Oracle, MySQL, Sybase/Adaptive Server and DB2 compliant, but it is possible to use it with any existing DBMS when using the inline injection (Normal mode). Indeed, the normal mode is basically the SQL command that someone will put in the parameter sent to the server.
- Supported on Windows, Unix and Linux operating systems
- SQL Server, Oracle, MySQL and Sybase/Adaptive Server compliant
- Single SQL injection
- Blind SQL injection
- Response of the SQL injection in a customized browser
- Automatically detect predefined SQL errors in the response page
- Save and load sessions in a XML file