By taking advantage of an SQL vulnerable web application, a user can use this software to perform back-end database fingerprint, retrieve DBMS users and password hashes, dump tables and columns, fetching data from the database, running SQL statements and even accessing the underlying file system and executing commands on the operating system.
Compared to other SQL vulnerability scanners, Havij has a 95% success rate and has a very friendly user interface which makes it easier for every noob hacker to use.
What's New?
- Oracle error based database added with ability to execute query.
- Getting tables and column when database name is unknown added (mysql)
- Another method added for finding columns count and string column in PostgreSQL
- Automatic keyword finder optimized and some bugs fixed.
- A bug in finding valid string column in mysql fixed.
- 'Key is not unique' bug fixed
- Getting data starts from row 2 when All in One fails - bug fixed
- Run time error when finding keyword fixed.
- False table finding in access fixed.
- keyword correction method made better
- A bug in getting current data base in mssql fixed.
- A secondary method added when input value doesn't return a normal page (usually 404 not found)
- Data extraction bug in html-encoded pages fixed.
- String or integer type detection made better.
- A bug in https injection fixed.
You can go through the Tutorial of SQL injection with Havij from Here
0 comments:
Post a Comment