Official Kali Linux BBQSQL site: http://tools.kali.org/vulnerability-analysis/bbqsql
BBQSQL is a Python-based blind SQL injection tool for testing the SQL-backed pages of your websites over the Internet. (Why BBQ? Because SQL injection is delicious.)
This is a bit more advanced than the SVA (Scan, Vulnerability Analysis) stage within SVAPE & C: http://oversitesentry.com/tonyz/pubhtml/fixvirus/svapec/
SQL injection belongs more to the PE portion, Penetrate and Exploit (a successful SQLi is an exploit).
As the screenshot shows, there are many parameters to set before one can choose option 5 (Run Exploit).
In the HTTP setup parameters there are a few items you should fill in, the URL of the website that hosts the SQL-backed site for one.
Allow redirects takes a Boolean value (0 or 1).
proxies are entered if needed.
data is either a string or a dictionary value.
method is the HTTP request method (GET, OPTIONS, HEAD, POST, PUT, PATCH, DELETE).
cookies is a cookie value that the SQL-backed website may require.
auth is the most useful one, since this is where one adds a username/password combination such as ("username", "thepassword").
Once all the essential HTTP parameters are set up, we add the SQL commands in the query config parameter.
There are other parameters if needed: csv_output_file, technique (value is binary search), comparison attribute (value is size), concurrency (value is 30), and hooks_file.
The parameters that matter will depend on the SQL database being accessed; of course one can start with a basic condition such as 1=1, which, if no safeguards are in place, lists all the data.
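To make the "no safeguards" remark concrete, here is an added example (my own code, not part of the original post and not from BBQSQL) that runs the same lookup two ways against a constructed in-memory SQLite table: once with the value pasted into the SQL text, and once as a bound parameter. The table contents, the function names and the input values are all assumptions made for the demonstration.

```python
"""Added example (not part of the original post or of BBQSQL): a toy
customer lookup showing why an unsafeguarded query lets a 1=1 style
condition list every row, and how a parameterized query prevents it.
All data is constructed in memory with sqlite3; no network access."""
import sqlite3

# Constructed sample table: a few fictional customer records.
SAMPLE_ROWS = [
    (1, "alice", "alice@example.invalid"),
    (2, "bob", "bob@example.invalid"),
    (3, "carol", "carol@example.invalid"),
]


def make_db() -> sqlite3.Connection:
    """Build an in-memory database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER, name TEXT, email TEXT)")
    conn.executemany("INSERT INTO customers VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    """The 'no safeguards' version: the user-supplied value is pasted
    straight into the SQL text, so the input can rewrite the WHERE clause."""
    sql = f"SELECT id, name, email FROM customers WHERE name = '{name}'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, name: str) -> list:
    """The hardened version: the value travels as a bound parameter and is
    only ever compared as data, never parsed as SQL."""
    sql = "SELECT id, name, email FROM customers WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def demo(name: str) -> dict:
    """Run both lookups for the same input and report the row counts."""
    conn = make_db()
    try:
        return {
            "vulnerable_rows": len(lookup_vulnerable(conn, name)),
            "parameterized_rows": len(lookup_parameterized(conn, name)),
        }
    finally:
        conn.close()


if __name__ == "__main__":
    # A legitimate name: both versions find exactly one row.
    print(demo("alice"))
    # A 1=1 tautology appended to the value: the vulnerable query returns
    # the whole table, the parameterized one finds no customer by that name.
    print(demo("x' OR 1=1 --"))
```

The difference is the whole point of the 1=1 test: the parameterized lookup treats the entire string as a name to compare, so the safeguard is the query API, not input filtering.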
If you want to learn more about SQL injection, here is a good site:
http://resources.infosecinstitute.com/sql-injection-http-headers/
One example from there is adding a language_id HTTP cookie with the value: -1+UNION+ALL+SELECT+1.2.3.4
The idea is to use parameters that return SQL data without authorization.
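Because injection attempts can arrive in headers and cookies rather than in the visible query string, a defender needs to decode and inspect those values too. The following is an added example (my own code, not from the original post, the linked article or BBQSQL) that URL-decodes header and cookie values from constructed request records and flags the UNION ALL SELECT shape shown above, as well as an OR n=n tautology. The request records, header names and source addresses are constructed for the demonstration and are not real traffic.

```python
"""Added example (not part of the original post or of BBQSQL): a small
detector that URL-decodes HTTP header and cookie values from constructed
request records and flags SQL injection shapes arriving in headers, so a
defender can alert on them rather than only on query-string parameters."""
import re
from urllib.parse import unquote_plus

# Patterns: a UNION [ALL] SELECT fragment, or an OR <n>=<n> tautology.
# Matching happens after decoding, so '+' or %20 spacing no longer matters.
UNION_SELECT = re.compile(r"\bUNION\s+(?:ALL\s+)?SELECT\b", re.IGNORECASE)
TAUTOLOGY = re.compile(r"\bOR\s+\d+\s*=\s*\d+", re.IGNORECASE)

# Constructed sample requests (fictional addresses and paths).
SAMPLE_REQUESTS = [
    {"src": "198.51.100.7", "path": "/news.php",
     "headers": {"Cookie": "language_id=3; session=abc",
                 "User-Agent": "Mozilla/5.0"}},
    {"src": "203.0.113.9", "path": "/news.php",
     "headers": {"Cookie": "language_id=-1+UNION+ALL+SELECT+1.2.3.4",
                 "User-Agent": "curl/8.0"}},
    {"src": "203.0.113.9", "path": "/login.php",
     "headers": {"Cookie": "session=abc",
                 "X-Forwarded-For": "1' OR 1=1 --"}},
]


def split_cookie(value: str) -> dict:
    """Turn 'a=1; b=2' into {'a': '1', 'b': '2'} (a missing '=' maps to '')."""
    out = {}
    for part in value.split(";"):
        name, _, val = part.strip().partition("=")
        if name:
            out[name] = val
    return out


def suspicious_fields(headers: dict) -> list:
    """Return (location, decoded_value) for every header or cookie value that
    matches one of the injection shapes. The Cookie header is split per
    cookie name so the alert points at the specific cookie (e.g. language_id)."""
    hits = []
    for header, raw in headers.items():
        if header.lower() == "cookie":
            candidates = [(f"Cookie:{k}", v) for k, v in split_cookie(raw).items()]
        else:
            candidates = [(header, raw)]
        for location, val in candidates:
            decoded = unquote_plus(val)
            if UNION_SELECT.search(decoded) or TAUTOLOGY.search(decoded):
                hits.append((location, decoded))
    return hits


def scan(requests: list) -> list:
    """Scan a batch of request records; return (src, path, location) alerts."""
    alerts = []
    for req in requests:
        for location, _ in suspicious_fields(req["headers"]):
            alerts.append((req["src"], req["path"], location))
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_REQUESTS):
        print("ALERT", alert)
```

Decoding before matching is the important step: the cookie in the article is sent with '+' in place of spaces, so a detector that only looks at the raw value for "UNION SELECT" never fires. The patterns here are deliberately narrow; in a real deployment they would sit beside a parameterized-query fix, not replace it.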
We can help test your website and its SQL databases, first with Alpha and then with Sigma scans.
Contact Us http://oversitesentry.com/contact-us/