sqladdict is an SQL injection script that supports integer-based and string-based injection.
Database support:
+ MSSQL (Default)
+ MYSQL
+ POSTGRES
+ ORACLE
sqladdict v0.5
Requirements:
+ Metasploit
+ Perl
Type of injection:
0 Blind injection based on True and False responses
1 Blind injection based on True and Error responses
2 Injection in order by and group by
3 Extract data with SYS privileges [ORACLE dbms_export_extension exploit]
4 OS code execution [ORACLE dbms_export_extension exploit]
5 Read files [ORACLE dbms_export_extension exploit, based on java]
6 Code execution [ORACLE DBMS_REPCAT_RPC.VALIDATE_REMOTE_RC exploit]
7 Code execution [ORACLE SYS.KUPP$PROC.CREATE_MASTER_PROCESS(), DBA Privs]
    -cmd=revshell [Type 7 supports meterpreter payload execution, run generator.exe first]
    -cmd=cleanup [run this after exiting metasploit session, it will clean up the traces]
8 OS code execution [ORACLE DBMS_JAVA_TEST.FUNCALL, with JAVA IO Permissions]
    -cmd=revshell [Type 8 supports meterpreter payload execution, run generator.exe first]
Script:
Source: https://github.com/madfedora