y0,
sorry for the NO update, but got time last weekend and tried out the ODBC convert sql injection exploit for MSSQL and implemented it on sqli helper. easy to spot exploitable page, just add a quote, if you get “Microsoft OLE DB Provider for SQL Server error ‘80040e07’” then it's exploitable
SQLI Helper for MYSQL and MSSQL 2.6 ODBC Error Message Exploit
- schema dump
- data dump
no change in use, best is to test it with these sites
http://desisweet.com/desichapationline/item_details.asp?item_id=1
http://www.bernco.gov/stage/departments.asp?dept=2340&submenuid=21008
on ver 2.7 i will add ms access
sure there are similar tools out there, but my tool is the easiest to use, put the url and watch the app do the rest. enjoy
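For defenders, the error the post keys on is also visible server-side: when a classic ASP page fails, IIS appends the script error to the logged query string as `|line|code|description`. The following is an added example, not part of the original post or the tool; it scans W3C log lines for that marker, and the field order, the `/item.asp` path and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import unquote_plus

# Assumed field order for this example; real logs declare theirs in "#Fields:".
FIELDS = "date time cs-method cs-uri-stem cs-uri-query c-ip sc-status".split()
# On a script error, classic ASP appends "|<line>|<hresult>|<description>"
# to the logged cs-uri-query.
ASP_ERROR = re.compile(r"\|(\d+)\|(80040e[0-9a-f]{2})\|(.*)$", re.I)
OLEDB_CODES = {
    "80040e07": "value could not be converted",  # the error quoted in the post
    "80040e14": "command contained errors",
}

# Constructed sample log lines (documentation IP ranges, hypothetical page).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2009-04-07 10:00:01 GET /item.asp id=1 192.0.2.10 200
2009-04-07 10:00:05 GET /item.asp id=1%27|24|80040e14|Unclosed_quotation_mark_after_the_character_string_''. 198.51.100.7 500
2009-04-07 10:00:09 GET /item.asp id=abc|24|80040e07|Conversion_failed_when_converting_the_varchar_value_'abc'_to_data_type_int. 198.51.100.7 500
2009-04-07 10:00:12 GET /item.asp id=2|31|800a000d|Type_mismatch 192.0.2.11 500
""".splitlines()

def parse_line(line):
    """Split one log line into a dict, skipping directives and malformed rows."""
    if line.startswith("#") or not line.strip():
        return None
    parts = line.split()
    return dict(zip(FIELDS, parts)) if len(parts) == len(FIELDS) else None

def find_sql_errors(lines):
    """Return one record per request whose logged query carries an OLE DB SQL error."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        m = ASP_ERROR.search(rec["cs-uri-query"]) if rec else None
        if not m or m.group(2).lower() not in OLEDB_CODES:
            continue
        query = unquote_plus(rec["cs-uri-query"][:m.start()])  # client-supplied part only
        hits.append({"ip": rec["c-ip"], "page": rec["cs-uri-stem"], "query": query,
                     "code": m.group(2).lower(), "meaning": OLEDB_CODES[m.group(2).lower()],
                     "script_line": int(m.group(1)), "quote_in_input": "'" in query})
    return hits

if __name__ == "__main__":
    for hit in find_sql_errors(SAMPLE_LOG):
        print(hit)
```

Every hit is a page that returns database errors to the client; the fix is parameterized queries plus custom error pages, not filtering the quote character.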
I already downloaded it, when I click open rar program,,
“the application failed to initialized properly ……..”
its any wrong??
please help
download the latest .net framework, been using vs 2008 it defaults to .net 3.5 framework
Posted by reiluke at April 7, 2009, 11:44 pm
Thanks for the new release reiluke!!
However one small bug, I came across.
If there is a following table schema:
Database: test
Table:SECRET
Columns of SECRET:
token,id
Data of token,id:
secretData,1
SQLiHelper comes back with following results:
Getting Table List for test Finished
Getting Column List For Table SECRET
Getting Column List for Table SECRET Finished
Nothing is extracted under “Column Name” section.
However, I tried the same in FG Injector, which gives back the result happily for following query:
>select token from test.SECRET
secretdata
Is this coz of the tablename being in upper case and the query being formed (which I believe) modifies all table name to lower case, and it fails to extract data properly ???
I’m not sure; you have better knowledge on this
Thanks for all your effort on this tool. Cheers mate!
Posted by b4d at April 8, 2009, 4:08 am
hi mate, it should work since we're just querying database schema. is this mssql or mysql? i never did encounter case sensitive problems, you have to give me a sample url to fix it
Posted by reiluke at April 8, 2009, 10:09 am
Very nice tool reiluke. I have problems when the tool is minimized in the tray. When I try to get the window back up it doesn’t show up but the process is visible in the task manager. Maybe a small bug.
Works pretty well. Maybe it would be better if you add the WHERE condition in the main window and not the popup window and also for the hex option.
Thx again for it. Great tool.
Posted by damso at April 17, 2009, 4:31 pm
thanks damso for the suggestion will do, just right click icon and click on show window
Posted by reiluke at April 17, 2009, 4:46 pm
every site i try it says this
Get Server Info
Check if URL is Vulnerable
URL is Vulnerable
Check No. of Columns
Check No. of Columns - finished
Looking for larget text visible column
Check if supports union
Check if supports union - finished
Check if database version
Check if database version - finished
Check if database version
Check if database version - finished
Check Current Database
Check current database - finished
Checking LoadFile
Check Load File - finished
Switch comment from -- to /*
Check if URL is Vulnerable
URL is Vulnerable
Looking for larget text visible column
Check if supports union
Check if supports union - finished
Check if database version
Check if database version - finished
Check if database version
Check if database version - finished
Check Current Database
Check current database - finished
Checking LoadFile
Check Load File - finished
Removing Comment
Check if URL is Vulnerable
URL is Vulnerable
Looking for larget text visible column
Check if supports union
Check if supports union - finished
Check if database version
Check if database version - finished
Check if database version
Check if database version - finished
Check Current Database
Check current database - finished
Checking LoadFile
Check Load File - finished
Could not get no. of columns for uknown reasons, if you entered a ‘true keyword’ and nothing, get the columns manually
u sure is vulnerable? try using exploit scanner
Posted by reiluke at April 20, 2009, 10:26 am
Hiya Reiluke.
When I am getting the column list it wont give me all the columns.
I can see all the columns with a manual inject but with Sqlihelper 2.5/2.6 it wont show all columns.
Page that I tried on:
http://www.ninjatune.net/videos/video.php?type=qt&id=88
i think its the problem when program looks for column number and injectable column. when I manually select those functions then it works fine.
For some sites it works and for some don’t work.
waiting for 2.7 with ms access support ^_^
Posted by cherish82vn at May 3, 2009, 10:26 pm
your tool is great and very stable!!! I expect that the next version will be great! I’m impatient
the best free tool!!!! wow… but there’s a small bug, i cant dump anything
how i can lift max dump… why its only 100… i hope on the next version you will let us lift the limit of the dump
@jack
limit the fields to dump to 2-3, program uses 1 visible column only then concatenates the field for output, so if you select too many fields, it may return nuthin
@on3love
check options mate, defaulted it to 100
Thx for tools reiluke
add pliz basic authentication !!!
thanks a lot
bye
Posted by ArkngL at May 23, 2009, 10:48 pm
if you need to login before inject, just copy and paste the cookie, you can get it via livehttp plugin in firefox
Posted by reiluke at May 25, 2009, 10:24 am
I talk about the pages that do not use cookies for authentication (pop-up)
the pages type form, use cookies authentication but many pop-up not
thanks a lot for your quick response… i hope that u can add to the basic function…
bytes !
Posted by ArkngL at May 28, 2009, 10:10 am
thanks a lot
Posted by squpporter at April 3, 2009, 5:20 am