Wednesday, April 3, 2013

Sqlcake - Automatic Sqli

Sqlcake is an automatic database-dump and interactive SQL shell tool: it dumps the current database structure, including tables and columns, and then turns into an interactive MySQL prompt with extra features.
Sqlcake is written in ruby, you can find ruby here
You can download sqlcake from here
Syntax : ruby sqlcake.rb -u target -p target parameter [options] [special commands]
Options :
-u : target URI (ex : www.site.com/home/php?val=5)
-p : target parameter (ex : val)
-e : error string for union selection
-d : error escape string
-b : use blind sql injection mode
-f file : write data to output file
-x : skip database dump
Special commands :
hex:[str] : hex a string for magic quotes bypassing
dropshell:[str] : drops a php shell
dump:[str] : to dump a specific table
blind:[on/off] : toggle blind sql injection mode
Example :
ruby sqlcake.rb -u "www.site.com/home/php?val=5&id=3" -p id
Target = www.site.com/home/php?val=5&id=3
Param = id

ruby sqlcake.rb -u "www.site.com/home/php?val=5&id=3" -p val -b
Target = www.site.com/home/php?val=5&id=3
Param = val
Bind = Yes
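From the defender's side, the three modes listed above (union selection, blind mode and hex-encoded strings) each leave a recognisable trace in web server access logs. The Ruby script below is added here as an illustration and is not part of sqlcake or of this post: it scans a few constructed Apache-style log lines and flags query parameters that carry one of those patterns, then groups boolean-blind probes per source IP and parameter so a 1=1 / 1=2 pair stands out. The sample log lines, the `SIGNATURES` heuristics, `flag_sqli_requests` and `blind_probe_counts` are all assumptions made for this example.

```ruby
require 'uri'

# Constructed sample lines in Apache combined-log style (not real traffic).
SAMPLE_LOG = <<~LOG
  10.0.0.5 - - [03/Apr/2013:10:01:02 +0000] "GET /home.php?val=5&id=3 HTTP/1.1" 200 512
  10.0.0.5 - - [03/Apr/2013:10:01:03 +0000] "GET /home.php?val=5&id=3%27%20UNION%20SELECT%201,2,3--%20- HTTP/1.1" 500 233
  10.0.0.5 - - [03/Apr/2013:10:01:04 +0000] "GET /home.php?val=5&id=3%20AND%201=1 HTTP/1.1" 200 512
  10.0.0.5 - - [03/Apr/2013:10:01:05 +0000] "GET /home.php?val=5&id=3%20AND%201=2 HTTP/1.1" 200 498
  10.0.0.5 - - [03/Apr/2013:10:01:06 +0000] "GET /home.php?val=0x41424344&id=3 HTTP/1.1" 200 512
  10.0.0.9 - - [03/Apr/2013:10:02:00 +0000] "GET /search.php?q=hex+editor HTTP/1.1" 200 1024
LOG

# Heuristic signatures for the three injection styles the post lists:
# union selection, boolean blind probes, and hex literals used to avoid
# quoting. These are assumptions for the example, not a complete ruleset.
SIGNATURES = {
  union: /\bUNION\b.*?\bSELECT\b/i,
  blind: /\b(?:AND|OR)\s+\d+\s*=\s*\d+\b/i,
  hex:   /\b0x[0-9a-f]{4,}\b/i
}.freeze

# Extracts the request target from the quoted request line of a log entry.
REQUEST_RE = /"(?:GET|POST)\s+(\S+)\s+HTTP\/[\d.]+"/

# Returns the decoded query parameters of one log line as [name, value]
# pairs, or nil when the request cannot be parsed or has no query string.
def query_params(line)
  m = REQUEST_RE.match(line)
  return nil unless m
  _path, query = m[1].split('?', 2)
  return nil if query.nil? || query.empty?
  URI.decode_www_form(query)
rescue ArgumentError
  nil
end

# Scans a log text and returns one finding per suspicious parameter:
# { ip:, param:, value:, tags: [...] }. Lines with no signature hit are skipped.
def flag_sqli_requests(log_text)
  findings = []
  log_text.each_line do |line|
    ip = line.split(' ', 2).first
    params = query_params(line)
    next unless params
    params.each do |name, value|
      tags = SIGNATURES.select { |_, re| re.match?(value) }.keys
      next if tags.empty?
      findings << { ip: ip, param: name, value: value, tags: tags }
    end
  end
  findings
end

# Counts blind-style probes per [ip, parameter] so a true/false pair on the
# same parameter is visible even when each single request looks harmless.
def blind_probe_counts(findings)
  counts = Hash.new(0)
  findings.each do |f|
    counts[[f[:ip], f[:param]]] += 1 if f[:tags].include?(:blind)
  end
  counts
end

if __FILE__ == $PROGRAM_NAME
  findings = flag_sqli_requests(SAMPLE_LOG)
  findings.each do |f|
    puts "#{f[:ip]} param=#{f[:param]} tags=#{f[:tags].join(',')} value=#{f[:value].inspect}"
  end
  blind_probe_counts(findings).each do |(ip, param), n|
    puts "#{ip} #{param}: #{n} boolean probes"
  end
end
```

Run it against a real access log by replacing `SAMPLE_LOG` with `File.read(path)`; the decoding step matters because the payloads arrive percent-encoded, so matching on the raw log line would miss them.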

For more information about sqlcake type : ruby sqlcake.rb

If you have a problem or you need some explanations just write under this post!
