Can I get an introduction?
Sure. squeeza was released as part of SensePost's BlackHat USA 2007 talk on timing and related attacks.
A local copy of the paper is available, as is a copy of the slides.
What does squeeza do?
squeeza is a tool that helps exploit SQL injection vulnerabilities in broken web applications. Its functionality is split into two parts: creating data on the database (by executing commands, copying in files, or issuing new SQL queries) and extracting that data through various channels (DNS, timing, HTTP error messages).
Currently, it supports the following databases:
- Microsoft SQL Server
squeeza is not a tool for finding injection points. That recipe generally starts with 1 x analyst.
License
squeeza is distributed under the GNU General Public License.
More info?
Check out the README.
Downloads:
READMEv0.21.txt
squeeza-0.22.tar.gz