Monday, January 9, 2012

SQLol - SQL Injection Testbed

Have you been wanting to learn more about SQL injection (SQLi) and practice identifying SQLi vectors in applications? Trustwave has created a new SQLi testbed that is easy to set up and provides a variety of SQLi vectors to practice on.

"SQLol is a configurable SQL injection testbed. It allows you to exploit SQL injection flaws, but furthermore allows a large amount of control over the manifestation of the flaw. The author thought about different data extraction techniques from SQL injection flaws and found that a vulnerability framework that includes SQLi verbose error extraction techniques was never found. To be precise, the author never came across a vulnerability framework that includes SQL injection in a DELETE query. So, with this aim in mind, SQLol was born, specifically for SQL injection flaws. It can be useful to those who know nothing about SQL injection, or those who know a bit of it. SQLol comes with a set of challenges which help you with performing some flavor of SQL injection and have pre-configured settings."

Options provided by SQLol:
  • Type of query (SELECT, DELETE, INSERT, UPDATE, and custom)
  • Location within query (String/Int in WHERE clause, column name, ORDER BY clause, etc.)
  • Type and level of sanitization (Single quotes [remove, escape, double], keyword blacklist [three levels of difficulty], etc.)
  • Level of query output (No rows, One row, All rows)
  • Verbosity of error messages (No errors, Generic errors, Verbose errors)
  • Visibility of query
  • Injection string entry point
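
Why the "location within query" and "sanitization" options interact, shown as an added example that is not code from SQLol or from the original post: doubling single quotes contains input in a string location but does nothing in an integer location, while a bound parameter handles both. It uses Python's built-in sqlite3; the table, function names and probe inputs are constructed assumptions.

```python
import sqlite3

def make_db():
    """Constructed sample data; table and column names are assumptions."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [(1, "alice"), (2, "bob"), (3, "carol")])
    return conn

def double_quotes(value):
    """The 'double' single-quote sanitization: each ' becomes ''."""
    return value.replace("'", "''")

def by_name_concat(conn, name):
    # String location in WHERE: doubling keeps the input inside the literal.
    sql = "SELECT username FROM users WHERE username = '%s'" % double_quotes(name)
    return [row[0] for row in conn.execute(sql)]

def by_id_concat(conn, user_id):
    # Int location in WHERE: there is no quote to escape, so the same
    # sanitization is a no-op and the input is parsed as SQL.
    sql = "SELECT username FROM users WHERE id = %s" % double_quotes(user_id)
    return [row[0] for row in conn.execute(sql)]

def by_id_param(conn, user_id):
    # Hardened form: a bound parameter is only ever treated as a value.
    sql = "SELECT username FROM users WHERE id = ?"
    return [row[0] for row in conn.execute(sql, (user_id,))]

if __name__ == "__main__":
    conn = make_db()
    probe_str = "x' OR '1'='1"  # constructed test input
    probe_int = "0 OR 1=1"      # constructed test input
    print("string location, quotes doubled:", by_name_concat(conn, probe_str))
    print("int location, quotes doubled:   ", by_id_concat(conn, probe_int))
    print("int location, bound parameter:  ", by_id_param(conn, probe_int))
```
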

Download SQLol
