Critical Flaws in ‘OXID eShop’ Software Expose eCommerce Sites to Hacking

If your e-commerce website runs on the OXID eShop platform, you need to update it immediately to prevent your site from becoming compromised.

Cybersecurity researchers have discovered a pair of critical vulnerabilities in OXID eShop e-commerce softwar…

SQLiv – SQL Injection Dork Scanning Tool

SQLiv is a Python-based massive SQL Injection dork scanning tool which uses Google, Bing or Yahoo for targeted scanning, multiple-domain scanning or reverse domain scanning.

SQLiv Massive SQL Injection Scanner Features

Both the SQLi scanning and domain info checking are done in a multiprocess manner so the script is super fast at scanning a lot of URLs. It’s a fairly new tool and there are plans for more features and to add support for other search engines like DuckDuckGo.

BSQLinjector – Blind SQL Injection Tool Download in Ruby

BSQLinjector is an easy-to-use Blind SQL Injection tool in Ruby that uses blind methods to retrieve data from SQL databases.

The author recommends using the “--test” switch to see clearly what the configured payload looks like before sending it to an application.

What is Blind SQL Injection?

Blind SQL Injection is a type of SQL Injection (SQLi) attack that asks the database true or false questions and determines the answer based on the application’s response.

jSQL – Automatic SQL Injection Tool In Java

jSQL is an automatic SQL Injection tool written in Java. It is lightweight and supports 23 kinds of databases. It is free, open source and cross-platform (Windows, Linux, Mac OS X) and is easily available in Kali, Pentest Box, Parrot Security OS, ArchStrike or BlackArch Linux. Features: automatic injection of 23 kinds of databases: Access, CockroachDB…

Read the full post at darknet.org.uk

Katyusha Scanner — Telegram-based Fully Automated SQL Injection Tool

A powerful new hacking tool recently introduced in an underground forum is making the rounds these days, allowing anyone to rapidly conduct website scans for SQL injection flaws on a massive scale — all controlled from a smartphone using the Telegram messaging application.

Dubbed Katyusha Scanner, the powerful, fully automated SQLi vulnerability scanner first surfaced in April this year when a
