Technical Information
This section discusses the technical features of the product. It is updated with each new version and with the bug list.
Version 1.2 (Current version)
Fixes and added features
- Now supports DB2 databases
- Can create/edit ASCII character presets in order to optimize the number of requests and the speed of the blind SQL injection
- Can make the blind SQL injection case insensitive (useful with characters preset)
- New feature that will find the differences between the response page of a positive answer with a negative one
- Created a Firefox Plugin that will launch SQL Power Injector with all the current page context (string parameters and cookies)
- Created extensive documentation, used as a database "Aide Memoire", that contains information related to SQL injection for each supported DBMS (system tables (with their column names and description), environment and session variables, functions, dangerous stored procs, etc.)
- Can create a range list that will replace the variable (<<@>>) inside a blind SQL injection string and automatically play them for you
- Automatically replays a variable range with a predefined list from a text file
- New management console for Cookies used for the Load Page process
- Detect and add Cookies used during the Load Page process (Set-Cookie detection)
- Improved the User Interface to display contextual information (normal vs blind mode)
- New Datagrid has been added with the Cookies information, which can be injected in the same fashion as the String Parameter
- Improved the accuracy and reliability of the blind SQL injection results (if a character cannot be found it's replaced by the sun char (¤))
- Can edit the Referer
- View source now displays HTML in colors and can be customized in an XML file
- Can search in the View source
- Can choose a User-Agent from the menu (and even add new ones in the XML file)
- Threads are better managed and it's now possible to raise their number to whatever you wish (50 max in the application, but this can be changed in the source code)
- Can configure the application settings
- Support configurable proxies
- With SQL Server it is possible to use the TOP keyword
- Takes into account the syntax differences between MySQL 4.1.0 and lower and the higher versions in the database list
- Various things redesigned and quality improvement
- Two integrated tools: Hex and Char encoder and MS SQL @options interpreter
- Problems when there is a Form tag inside another one (Bug fix)
- Bug with multi threads with cookies (Bug fix)
Version 1.1.1
Fixes and added features
- Now supported by Internet Explorer 7 (Bug fix)
Version 1.1
Fixes and added features
- Now supports Sybase/Adaptive Server Enterprise
- No more (annoying) popup when there are JavaScript errors while loading the page
- Page loading improved
- Detection of redirection, has moved, refresh, "no form tags" and frameset redesigned and improved
- Improved the building of URL
- SSL support
- Detection and load of all the forms
- Detection and load of all IFrames
- Get the method type for each form detected (prefix [GET] or [POST] with color code)
- If there is no explicit action in the Form it automatically reuses the current page (default browser behavior)
- Added Select value, checkbox and textarea html object
- Http and Https clearer
- Option that auto detects the language of the web site
- Save and load sessions in an XML file
- Threads are better handled
- Check for updates implemented
- Percentage and progress bar for the blind SQL injection
- Send an IE6 User Agent to the requested web server
- Can now be installed on machines with only the .Net Framework 2.0 installed
- Various things redesigned and quality improvement
Version 1.0
Features
- Supported on Windows, Unix and Linux operating systems
- SQL Server, Oracle and MySQL compliant
- Load automatically the parameters on a web page (GET or POST)
- Find automatically the submit page
- Single SQL injection
- Blind SQL injection
- Comparison of true and false response of the page or results in the cookie
- Time delay
- Response of the SQL injection in a customized browser
- Fine tuning parameters injection
- Can parameterize the size of the length and count of the expected result to optimize the time taken by the application to execute the SQL injection
- Multithreading
- Option to replace space by empty comments /**/ against IDS or filter detection
- Automatically encode special characters before sending them
- Automatically detect predefined SQL errors in the response page
- Automatically detect a predefined word or sentence in the response page
- Real time result
- Possibility to inject an authentication cookie
- Can view the HTML code source of the returned page
- Detect automatically generic SQL error in the returned page
Version 1.1
Application will generate "The parameter is incorrect" error when launching
When launching, the application will display this error and many others if someone tries to load a page. It happens after the installation of Internet Explorer 7.
Cause: The small browser needs a library (SHDocVw.dll) provided by Internet Explorer, and in version 7 some of its behaviors have changed. Therefore, since I used it in SQL Power Injector to initialize pages, it would obviously crash.
Workaround: The easy but annoying solution is to uninstall IE7 and reinstall IE6 until I provide the fix in version 1.1.1. The second solution, but the hardest, is to modify the source code to replace "http://about:blank" with "about:blank" only. You can find it inside axwbHtmlResult.Navigate("http://about:blank", ref o, ref o, ref o, ref o); on line 3834 and axwbHtmlInitializor.Navigate("http://about:blank", ref ob, ref ob, ref ob, ref ob); on line 3840. I didn't do any QA on this solution; I just know it worked for the few tests I did.
Current state: Fixed on version 1.1.1
Problems when there is a Form tag inside another one
When the application loads a page with a Form tag inside another one, it will generate the error "Specified cast not valid". Or, on some rare occasions, it will succeed in loading but will generate a message stating "Index was outside the bounds of the array" while hovering over the Datagrid.
Cause: A Form tag cannot be inside another one; it's a bad design that is not compliant with the W3C. As a result, the faulty Form will be ignored by the browsers and all its inputs will be considered to belong to the parent Form tag. When SQL Power Injector tries to load that page, the faulty Form tag will be interpreted as an IHTMLUnknownElement tag instead of an IHTMLFormElement and will cause the "Specified cast not valid" error.
Workaround: Save the page to your computer, remove the faulty Form tag and reload it. In order for the application to be able to load it, you need to have the file on a web server. Sorry about that workaround, I know it's not great, but I'm pretty sure you will not meet that problem very often...
Current state: Fixed and available in version 1.2
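The parsing behaviour described in this bug entry, as an added Python example (not SQL Power Injector's code): a form collector that ignores a Form start tag found inside an open form, so the inner fields are attributed to the parent form, and that falls back to the current page when a form has no explicit action. The class and function names, the sample page and the example.test URL are constructed for illustration; treating the first </form> as the end of the outer form follows the HTML standard's parsing rule rather than anything stated on this page.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin

class FormCollector(HTMLParser):
    """Collect forms as an HTML parser sees them: a <form> start tag met while
    another form is still open is ignored, so its fields join the outer form."""
    FIELD_TAGS = {"input", "select", "textarea"}

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.forms = []         # forms in document order
        self.current = None     # the form that is currently open, if any
        self.ignored_forms = 0  # nested <form> start tags that were dropped

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            if self.current is not None:
                self.ignored_forms += 1  # nested form: drop the tag, keep parsing
                return
            self.current = {
                "method": (attrs.get("method") or "GET").upper(),
                # No explicit action: the form submits to the current page.
                "action": urljoin(self.page_url, attrs.get("action") or ""),
                "fields": [],
            }
            self.forms.append(self.current)
        elif tag in self.FIELD_TAGS and self.current is not None and attrs.get("name"):
            self.current["fields"].append(attrs["name"])

    def handle_endtag(self, tag):
        if tag == "form":
            self.current = None  # the first </form> closes the open (outer) form

def collect_forms(html, page_url):
    """Return (forms, number of nested <form> tags ignored) for one page."""
    parser = FormCollector(page_url)
    parser.feed(html)
    parser.close()
    return parser.forms, parser.ignored_forms

# Constructed sample page: a form nested inside another one.
SAMPLE = """
<form method="post">
  <input name="user">
  <form action="/inner" method="get"><input name="token"></form>
  <input name="after_inner">
</form>
"""
```

On the sample, the inner form's "token" field is reported under the outer POST form, and the field placed after the inner </form> belongs to no form, which is why a loader that casts every form-like tag to a form element fails on such pages.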
Version 1.0
Application hanging after clicking on Start in Blind mode
Sometimes the application will hang while starting a blind injection.
Cause: It is believed to be due to the fact that the threads are not quite well managed by the OS.
Workaround: Exit the application and restart it.
Current state: Fixed on version 1.1
An error is generated after clicking on the status tabs
After the page has been loaded, on some occasions the application will generate the error "Specified cast not valid" when the tabs in the status section are clicked.
Cause: I'm looking at it, probably a silly error on my part...
Workaround: N/A
Current state: Fixed on version 1.1
Get an error "Object reference not set to an instance of an object" with the method FillGetDataArray
It happens when someone loads a page with POST first and gets a message stating that there is no FORM tag in the web page, and then selects the GET option and clicks the Load Page button again.
Cause: Must look at it first.
Workaround: Exit the application and restart it. Then choose the GET option before clicking the Load Page button.
Current state: Fixed on version 1.1
Get an error "Object reference not set to an instance of an object" with the method FillLoadedPostDataArray
It happens when someone clicks on Load Page with POST selected. I have never been able to reproduce this bug, so if anyone got it and can tell me what they did, it would help a lot.
Cause: Until I can reproduce it, I can't tell... I tried to do the same thing as the one with FillGetDataArray, to no avail. I might figure out the logic while fixing the other problem.
Workaround: N/A
Current state: Fixed on version 1.1
Get an error "Object reference not set to an instance of an object" with the method LoadInitialURL while loading a page without any extension
This behavior would occur when someone feeds the URL with a web page that has no extension (ex: http://foofoo/foo) and clicks the Load Page button. So far I haven't been able to reproduce the error, so I'm still looking.
Cause: Until I can reproduce it, I can't tell...
Workaround: N/A
Current state: Fixed on version 1.1
Failure to install SQL Power Injector with only the .Net framework 2.0 installed
If you have only .Net framework 2.0 installed your installation will fail.
Cause: It is a condition of the installation that is automatically set with the creation of .Net MSI.
Workaround: I can only suggest two crazy solutions... Use regmon and bypass the process of the framework version detection. Or install the .Net framework 1.1. I wouldn't advise on the last one... But it's still a workaround.
Current state: Fixed on version 1.1
Copyright © 2006-2014 Francois Larouche