null column used for execute our SQL query. first of all we have to find null column (magic number). | -e sql injection end tag (default: "-") | | -d this option should not be used (default: | | -t table_name | | -c column_name (example: id,user,pass,email) | | -s SPACE code: +,/**/,%20 (default: "+") | | -f max field to get magic number (default: 123) | | -start row number to begin dumping data | | -stop row number to stop dumping | | -where your special dumping query | || | -info Get MySQL Information | | -dbase Concat Databases | | -table Concat Tables | | -column Concat Columns | | -tabcol Concat Tables with Columns | | -find Search Columns Name | | -magic Find Magic Number | | -dump Dump Data | | -brute Fuzzing Tables & Columns | || | -log file name to save ssdp data (default: ssdp.log) | | -p hostname:port | |-| noge]# perl -h |-|-| -| | Usage: perl | || | -u target with id parameter or sqli url with c0li string | SQL Injection - Operation System Function - Dump Database - Extract Database Schema - Search Columns Name - Read File (read only) - Create File (read only) - Brute Table & Column SSDp is an usefull penetration tool to find bugs, errors or vulnerabilities in MySQL database. USE IT AT YOUR OWN RISK!! SSDp coded by Vrs-hCk ( anderantisecurityorg anderantisecurityorg ) SSDp How To by NoGe ( marioantisecurityorg marioantisecurityorg ) WE ARE NOT RESPONSIBLE OF ANY DAMAGE AND IMPROPERLY USE OF THIS TOOL. USE THIS TOOL FOR EDUCATION PURPOSE ONLY.
-Back-end database fingerprint, retrieve DBMS users and password hashes, dump tables and columns, fetching data from the database, running custom SQL statements, suport save/load sessions to XML file.-Small browser you can use to Union Count, view source code and HTTP headers.-Database to collect all vulnerabilities (with option to search for data in mass).-Trash System (you never exploit the same URL).-Suport MySQL Union, MySQL Error, MS SQL Union, MS SQL Error Integer/String.-You can see everthing that is load by HTTP request (HTTP Debbuger).-Easy switch vulnerabilities to vulnerabilities.-Dumper can dump large data, with greats control of delay per request (multi-threading).-Dumper suport dumping data with multi-threading (databases/tables/columns/fetching data).-Automated search for columns names from a URL list (search for columns name 'where like %value%', useful to find eg.-Automated exploiting and analizing from a URL list, with a greats success rate.Online search engine (to find the trajects) The power of MySQLi Dumper that makes it different from similar tools:
0 kommentar(er)
