SQL injection is a standout amongst the most widely recognized attacks against web applications. Its assault comprises of insertion or “injection” of a SQL query by means of the information from the customer to the application. An effective SQL injections endeavor can read delicate information from the database, alter database information (Insert/Update/Delete), execute organization tasks on the database, (for example, shutdown the DBMS), recoup the substance of a given document display on the DBMS record framework and now and again issue commands to the working operating system.
A fruitful SQL injections assault can read delicate server information like passwords, email, username, and so forth. SQL injection can be exceptionally destructive.
Also Read Microsoft Windows Hacking Pack – WHP
This is a rundown of the best and most mainstream injection tools:
- SQLMap – Automatic SQL Injection And Database Takeover Tool
- jSQL Injection – Java Tool For Automatic SQL Database Injection
- BBQSQL – A Blind SQL-Injection Exploitation Tool
- NoSQLMap – Automated NoSQL Database Pwnage
- Whitewidow – SQL Vulnerability Scanner
- DSSS – Damn Small SQLi Scanner
- explo – Human And Machine Readable Web Vulnerability Testing Format
- Blind-Sql-Bitshifting – Blind SQL-Injection via Bitshifting
- Leviathan – Wide Range Mass Audit Toolkit
- Blisqy – Exploit Time-based blind-SQL-injection in HTTP-Headers (MySQL/MariaDB)