SQL Power Injector

As a database administrator, you surely need to check your SQL scripts against vulnerabilities, so using a proper technique that allows you to insert malicious SQL statements into an entry field for execution is the most useful and practical way of checking your apps and code.

SQL injection must exploit a security vulnerability where malicious code is added into strings that are later passed to an instance of your database for parsing and execution.

SQL Power Injector proves to be an effective and intuitive software solution worth having when you need to find and exploit SQL injections on a webpage.

The main window of the application is intuitive and easy to handle, from where you can specify the URL address or load a specific page, choose the method you are interested in and configure the SQL settings the way you want.

You are able to perform any changes from the interface, as well as preview the generated results instantly. You are able to set the HTML message length and the number of threads.

Irrespective of the database you choose to work with, be it MS SQL Server, Oracle, MySQL, Sybase/Adaptive Server and DB2 compliant, you are able to automate tedious queries within seconds.

The application comes with support for two methods, namely POST and GET. In case you choose the POST method, you need to make sure that the URL address does not contain any query string variables, otherwise you need to select the GET method.

Another important aspect that makes SQL Power Injector stand out the box is the ability of getting all the parameters from the webpage you need to test. Other features worth mentioning are the possibility of creating, modifying or deleting loaded strings and cookies, detecting and browsing the framesets, finding the differences between the response page of a positive answer with a negative one, as well as detecting and adding cookies used during the Load Page process.

In closing, SQL injection enables you to inject malicious code into strings that are destined for storage in a table or as metadata and test your webpages and databases for security vulnerabilities.