SQL Injection
SQL Injection is one of the many web attack mechanisms used by hackers to steal data from organizations.
It is perhaps one of the most common application layer attack techniques used today.
Supported Databases with injection methods
Full support for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase and SAP MaxDB database management systems.
Full support for six SQL injection techniques
boolean-based blind, time-based blind, error-based, UNION query, stacked queries and out-of-band.
Advanced detections
Support to search for specific database names, specific tables across all databases or specific columns across all databases' tables. This is useful, for instance, to identify tables containing custom application credentials where relevant columns' names contain string like name and pass.
Heuristic detections
We can perform back-end database fingerprinting, retrieve DBMS login names and password hashes, dump tables and columns, fetch data from the database, execute SQL statements against the server, and even access the underlying file system and execute operating system shell commands.
Leaving your website open to Attack?
70% of websites and networks are hackable!
Close shut your doors before hackers find you.