rss-bridge 2007-08-03T07:36:17+00:00

Squeeza: The SQL Injection Future?


During our talk we demo’d squeeza.. We will link to the slides and .ppt as soon as we can, but have been getting a few requests already for the code, so here it is..

For those who missed the talk, squeeza is a SQL injection tool that, once given an entry point, can simplify a bunch of things. It's the first tool I know of that facilitates full binary file transfers (download from the remote SQL Server), database enumeration, etc. via a number of channels (currently via DNS, via HTTP error messages and via timing).

Enough small talk.. Take it for a spin, and send feedback to research@sensepost.com.. We will give squeeza its place on /research when we get back from Vegas..

/mh

