The Mole is an automatic SQL Injection exploitation tool. Only by providing a vulnerable URL and a valid string on the site it can detect the injection and exploit it, either by using the union technique or a boolean query based technique.
Features
-Support for injections using Mysql, SQL Server, Postgres and Oracle databases.
-Command line interface. Different commands trigger different actions.
-Auto-completion for commands, command arguments and database, table and columns names.
-Support for filters, in order to bypass certain IPS/IDS rules using generic filters, and the possibility of creating new ones easily.
-Exploits SQL Injections through GET/POST/Cookie parameters.
-Developed in python 3.
-Exploits SQL Injections that return binary data.
-Powerful command interpreter to simplify its usage.
First of all download themole from official website here
Now we need python 3 and lxml library.
Now for run move into directory themole (cd..) and type : ./mole.py
Now type:
1) url www.website.com/index.php?pag=1
2) needle pag (pag is the parameter vulnerable in url)
3) schemas
4) tables dbname
5) columns dbname tablename
6) query dbname tablename column1,column2,column3...
For more information click here
If you have a problem or you need some explanations just write under this post!
No comments:
Post a Comment