SQL注入的链接(收藏)
[ ] Blind MySQL injection and database stressing
http://www.reversing.org/node/view/13
[ ] Using SQLBrute to brute force data from a blind SQL injection point
http://www.justinclarke.com/archives/2006/03/sqlbrute.html
[ ] Advanced SQL Injection In SQL Server Applications - Chris Anley <chris@ngssoftware.com> [2002]
http://www.nextgenss.com/papers/advanced_sql_injection.pdf
[ ] (more) Advanced SQL Injection - Chris Anley <chris@ngssoftware.com> [2002-06-18]
http://www.nextgenss.com/papers/more_advanced_sql_injection.pdf
[ ] SQL Injection, Are Your Web Applications Vulnerable? - SPI Dynamics [2004-10-29]
http://www.securitydocs.com/library/2656
http://www.securitydocs.com/link.php?action=detail&id=2656&headerfooter=no
http://www.securitydocs.com/pdf/2656.PDF
[ ] Manipulating Microsoft SQL Server Using SQL Injection - Cesar Cerrudo <sqlsec@yahoo.com>
http://www.appsecinc.com/presentations/Manipulating_SQL_Server_Using_SQL_Injection.pdf
[ ] Top 15 free SQL Injection Scanners
http://www.security-hacks.com/2007/05/18/top-15-free-sql-injection-scanners
SQLIer
http://bcable.net/project.php?sqlier
Sqlbftools
http://www.reversing.org/node/view/11
SQLibf
http://www.open-labs.org/ (这里有一些HTTP相关的工具)
SQL Brute
http://www.gdssecurity.com/l/t.php
BobCat
http://www.northern-monkee.co.uk/index.html
http://www.northern-monkee.co.uk/projects/bobcat/bobcat.html
sqlmap
http://sqlmap.sourceforge.net/
Absinthe
http://www.0x90.org/releases/absinthe/
http://www.0x90.org/releases/absinthe/download.php
SQL Injection Pentesting TooL
http://sqltool.itdefence.ru/indexeng.html
http://sqltool.itdefence.ru/setup.rar
SQID
http://sqid.rubyforge.org/
http://rubyforge.org/frs/?group_id=2617
SQL Power Injector
http://sourceforge.net/projects/spinj/
http://www.sqlpowerinjector.com/
FG-Injector Framework
http://sourceforge.net/projects/injection-fwk/
sqlninja
http://sqlninja.sourceforge.net/
Automagical SQL injector
http://www.indianz.ch/tools/attack/automagic.zip
NGSS SQL Injector
http://www.indianz.ch/tools/attack/sqlinjector.zip
ISR-sqlget
http://www.infobyte.com.ar/
http://www.infobyte.com.ar/down/ISR-sqlget-1.0.0.tar.gz
http://www.infobyte.com.ar/down/ISR-sqlget-Readme.txt
http://www.infobyte.com.ar/demo/ISR_sqlget_ISS_proventia_bypass.html
ISR-Form
http://www.infobyte.com.ar/down/ISR-form-v1.0.tar.gz
BlindMap
http://www.c0debreak.net/cb/main.html
http://codebreak.uni.cc/cb/papers/blind.html
http://codebreak.uni.cc/downloads/sql.zip
http://external.c0debreak.net/files/sql.zip
http://w4ck1ng.com/tools/sql/sql.zip
BaKo's SQL Injection Scanner v2.2 - BaKo [2007-11-29]
http://files.h4ck-y0u.org/3745771
[ ] Web application vulnerability scanner / security auditor
http://wapiti.sourceforge.net/
[ ] w3af - Web Application Attack and Audit Framework
http://w3af.sourceforge.net/
[ ] advanced web server fingerprinting
http://www.computec.ch/projekte/httprecon/
(有windows版)
[ ] http://chorizo-scanner.com/
[ ] OWASP SQLiX Project
http://www.owasp.org/index.php/Category:OWASP_SQLiX_Project