Search Results for "sql injection attack"

... to inventory SQL Server attack surface and hunt for misconfigurations. PowerUpSQL can surface things like weak configuration flags, dangerous surface (for example, features that may enable code execution from SQL), credential material exposed in configuration, and cross-instance trust relationships such as linked servers. The codebase is implemented primarily in PowerShell, organized as a module with many discrete functions, and includes helper scripts and documentation for usage scenarios.

github: https://github.com/samedog/phpmvs

Squel is a JavaScript library for fluent and safe SQL query string building, usable both in Node.js environments and in the browser. Works in Node.js and in the browser. Supports the standard SQL queries: SELECT, UPDATE, INSERT, and DELETE. Supports non-standard commands for popular DB engines such as MySQL. Supports parameterized queries for safe value escaping. It can be customized to build any query or command of your choosing. Uses method chaining for ease of use.

MVProc is a Model-View-Controller module for Apache2 that facilitates using MySQL stored procedures as the controller element. NOTE: Version 2.1 is STABLE and currently in production use. NOTE: Versions 1.4+ are for Apache2.4 - in order to run on Apache2.2, replace request_rec->useragent_ip references with request_rec->connection->remote_ip (there are 3 in the source code)

Complete source code, usage example, & a code-generated test case are included in the .jar file. ( See main.java for the usage / code generation example )

Mole is an automatic SQL Injection exploitation tool. Only by providing a vulnerable URL and a valid string on the site it can detect the injection and exploit it, either by using the union technique or a boolean query based technique. The Mole uses a command based interface, allowing the user to indicate the action he wants to perform easily. The CLI also provides auto-completion on both commands and command arguments, making the user type as less as possible.

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers.

POP - Persistent Objects for PHP - is a library intended to make simple ORM for the main databases existent in the market - PostgreSQL, MS SQL, Oracle and MySQL. Complete OO and making use of PDO, it also secures your project against SQL Injection

This product is no longer maintained: The author created alternative tools: https://databunker.org/ and https://privacybunker.io/ GreenSQL is a database firewall engine used to protect Open Source Databases from SQL injection attacks. It works in proxy mode. Application logic is based on evaluating of SQL commands using risk score factors, as well as blocking of sensitive commands

Queryfish is a thin layer on top of JDBC. It aims to simplify database development in Java, especially creating prepared and callable statements and thus, assist developers to build secure applications without SQL injection vulnerabilities.

DSP stands for Data Server Pages, the APACHE HTTP server module, that provides PL/SQL Server scripting with variable injection preprocessor and features an efficient authorization and authentication framework on the Oracle database backend.

Libdejector is a database tool which defeats SQL injection attacks by performing context-free validation of queries. While written in C, SWIG wrappers exist for Python and other languages will be following soon.