Description: Havij is an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on ...

Havij v1.14 Advanced SQL Injection

Tuesday, January 18, 2011 Sensei Fedon 0 Comments

Havij is an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page.
It can take advantage of a vulnerable web application. By using this software user can perform back-end database fingerprint, retrieve DBMS users and  password hashes, dump tables and columns, fetching data from the database, running SQL  statements and even accessing the underlying file system and executing commands on the  operating system.
The power of Havij that makes it different from similar tools is its injection methods. The success rate is more than 95% at injectiong vulnerable targets using Havij.
The user friendly GUI (Graphical User Interface) of Havij and automated settings and detections makes it easy to use for everyone even amateur users.


What's New?
  • Sybase (ASE) database added.
  • Sybase (ASE) Blind database added.
  • Time based method for MsSQL added.
  • Time based method for MySQL added.
  • mod_security bypass added.
  • Pause button added.
  • Basic authentication added
  • Digest authentication added.
  • Post Data field added
  • bugs related with dot character in database name fixed
  • syntax over writing when defined by user in blind injections fixed.
  • mssql database detection from error when using JDBC driver corrected.
  • time out bug in md5 cracker fixed.
  • default value bug fixed
  • string encode bug fixed in PostgreSQL
  • injecting URL rewrite pages added.
  • injecting into any part of http request like Cookie, User-Agent, Referer, etc made available
  • a bug in finding string column fixed. (specially for MySQL)
  • Finding columns count in mysql when input value is non effective added.
  • window resize bug in custom DPI setting fixed.
  • some bugs in finding row count fixed.
  • getting database name in mssql error based when injection type is guessed integer but it's string fixed.



Items
Free version Commercial version
1. Supported Databases with injection methods:    
          MsSQL 2000/2005 with error
          MsSQL 2000/2005 no error union based
          MsSQL Blind
          MySQL time based
          MySQL union based
          MySQL Blind
          MySQL error based
          MySQL time based
          Oracle union based
          Oracle error based
          PostgreSQL union based
          MsAccess union based
          MsAccess Blind
          Sybase (ASE)
          Sybase (ASE) Blind
2. HTTPS Support
3. Proxy support
4. Automatic database detection
5. Automatic type detection (string or integer)
6. Automatic keyword detection (finding difference between the positive and negative response)
7. Trying different injection syntaxes
8. Options for replacing space by /**/,+,... against IDS or filters
9. Avoid using strings (magic_quotes similar filters bypass)
10. Manual injection syntax support
11. Manual queries with result
12. Bypassing illegal union
13. Full customizable http headers (like referer,user agent and ...)
14. Load cookie from site for authentication
15. Http Basic and Digest authentication
16. Injecting URL rewrite pages
17. Bypassing mod_security web application firewall and similar firewalls
18. Real time result
19. Guessing tables and columns in mysql<5 (also in blind) and MsAccess
20. Fast getting tables and columns for mysql
21. Executing SQL query in Oracle database
22. Getting one row in one request (all in one request)
23. Dumping data into file
24. Saving data as XML format
25. View every injection request sent by program
26. Enabling xp_cmdshell and remote desktop
27. Multi thread Admin page finder
28. Multi thread Online MD5 cracker
29. Getting DBMS Informations
30. Getting tables, columns and data
31. Command executation (mssql only)
32. Reading system files (mysql only)
33. insert/update/delete data
 

This tool is for exploiting SQL Injection bugs in web application.
For using this tool you should know a little about SQL Injections.
Enter target url and select http method then click Analyze.
Note: Try to url be valid input that returns a normal page not a 404 or error page.

0 comments: