SQL injection is a security exploit in which an attacker injects SQL parameters into a Web form, allowing him or her to send database queries and ultimately gain access. SQL injection is not a direct database problem but rather an application issue that indirectly affects your database systems. There are several web application vulnerability scanners to see if any input filtering or other SQL injection-specific holes exist.
SQLFury is the worlds first free online SQL Injection scanner. It is a developer tool written for the Adobe AIR runtime, this application performs SQL injection scans of a target website to identify any SQL injection vulnerabilities. SQLFury utilises blind or inband SQL injection techniques to identify vulnerable targets. If vulnerabilities are found options will be given to extract information from the database using the compromised parameter.
SQLFury works by appending your own SQL statements to a parameter which is not correctly sanitised on the server. Given a parameter with SQL injection vulnerablities SQLFury can extract, Database version, Current database user, database name, table names, columns names and entire columns.
Here are some key features of “SQLFury”:
• Microsoft SQL Server
Extract from database:
• Database version.
• Current database user.
• All database users.
• Database name.
• All database names.
• All table names.
• All columns names.
• Entire columns.
Get SQLFury and test it to see for yourself just how useful it can be for you.