Our Blog

Our news

All you need to know

Squeeza: The SQL Injection Future?

Reading time Less than a minute

During our talk we demo’d squeeza.. We will link to the slides and .ppt as soon as we can, but have been getting a few requests already for the code, so here it is..

For those who missed the talk, squeeza is a SQL Injection tool, that once given an entry point can simply a bunch of things. Its the first tool i know of that facilitates full binary file transfers (download from the remote SQL Server), database enumeration, etc via a number of channels (Currently via DNS, via HTTP Error messages and Via Timing).

Enough small talk.. Take it for a spin, and send feedback to research@sensepost.com.. We will give squeeza its place on /research when we get back from Vegas..

/mh