一些SQL注入的链接

韩小末

Blind MySQL injection and database stressing
     http://www.reversing.org/node/view/13

[  ] Using SQLBrute to brute force data from a blind SQL injection point
     http://www.justinclarke.com/archives/2006/03/sqlbrute.html

[  ] Advanced SQL Injection In SQL Server Applications - Chris Anley <chris@ngssoftware.com> [2002]
     http://www.nextgenss.com/papers/advanced_sql_injection.pdf

[  ] (more) Advanced SQL Injection - Chris Anley <chris@ngssoftware.com> [2002-06-18]
     http://www.nextgenss.com/papers/more_advanced_sql_injection.pdf

[  ] SQL Injection, Are Your Web Applications Vulnerable? - SPI Dynamics [2004-10-29]
     http://www.securitydocs.com/library/2656
     http://www.securitydocs.com/link.php?action=detail&id=2656&headerfooter=no
     http://www.securitydocs.com/pdf/2656.PDF

[  ] Manipulating Microsoft SQL Server Using SQL Injection - Cesar Cerrudo <sqlsec@yahoo.com>
     http://www.appsecinc.com/presentations/Manipulating_SQL_Server_Using_SQL_Injection.pdf

[  ] Top 15 free SQL Injection Scanners
     http://www.security-hacks.com/2007/05/18/top-15-free-sql-injection-scanners

     SQLIer
     http://bcable.net/project.php?sqlier

     Sqlbftools
     http://www.reversing.org/node/view/11

     SQLibf
     http://www.open-labs.org/ (这里有一些HTTP相关的工具)

     SQL Brute
     http://www.gdssecurity.com/l/t.php

     BobCat
     http://www.northern-monkee.co.uk/index.html
     http://www.northern-monkee.co.uk/projects/bobcat/bobcat.html

     sqlmap
     http://sqlmap.sourceforge.net/

     Absinthe
     http://www.0x90.org/releases/absinthe/
     http://www.0x90.org/releases/absinthe/download.php

     SQL Injection Pentesting TooL
     http://sqltool.itdefence.ru/indexeng.html
     http://sqltool.itdefence.ru/setup.rar

     SQID
     http://sqid.rubyforge.org/
     http://rubyforge.org/frs/?group_id=2617

     SQL Power Injector
     http://sourceforge.net/projects/spinj/
     http://www.sqlpowerinjector.com/

     FG-Injector Framework
     http://sourceforge.net/projects/injection-fwk/

     sqlninja
     http://sqlninja.sourceforge.net/

     Automagical SQL injector
     http://www.indianz.ch/tools/attack/automagic.zip

     NGSS SQL Injector
     http://www.indianz.ch/tools/attack/sqlinjector.zip

     ISR-sqlget
     http://www.infobyte.com.ar/
     http://www.infobyte.com.ar/down/ISR-sqlget-1.0.0.tar.gz
     http://www.infobyte.com.ar/down/ISR-sqlget-Readme.txt
     http://www.infobyte.com.ar/demo/ISR_sqlget_ISS_proventia_bypass.html

     ISR-Form
     http://www.infobyte.com.ar/down/ISR-form-v1.0.tar.gz

     BlindMap
     http://www.c0debreak.net/cb/main.html
     http://codebreak.uni.cc/cb/papers/blind.html
     http://codebreak.uni.cc/downloads/sql.zip
     http://external.c0debreak.net/files/sql.zip
     http://w4ck1ng.com/tools/sql/sql.zip

     BaKo's SQL Injection Scanner v2.2 - BaKo [2007-11-29]
     http://files.h4ck-y0u.org/3745771

[  ] Web application vulnerability scanner / security auditor
     http://wapiti.sourceforge.net/

[  ] w3af - Web Application Attack and Audit Framework
     http://w3af.sourceforge.net/

[  ] advanced web server fingerprinting
     http://www.computec.ch/projekte/httprecon/
     (有windows版)

[  ] http://chorizo-scanner.com/

[  ] OWASP SQLiX Project
     http://www.owasp.org/index.php/Category:OWASP_SQLiX_Project