2 Summary: SQLIer - an SQL Injection vulnerable URL prober
8 # Source0Download: http://bcable.net/archive.php?%{name}-%{version}b.sh
9 Source0: %{name}-%{version}b.sh
10 # Source0-md5: 40702eb5397dfd4134ad7761a15a5e88
11 Patch0: %{name}-bashism.patch
12 URL: http://bcable.net/project.php?sqlier
17 BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
20 SQLIer takes an SQL Injection vulnerable URL and attempts to determine
21 all the necessary information to build and exploit an SQL Injection
22 hole by itself, requiring no user interaction at all (unless it can't
23 guess the table/field names correctly). By doing so, SQLIer can build
24 a UNION SELECT query designed to brute force passwords out of the
25 database. This script also does not use quotes in the exploit to
26 operate, meaning it will work for a wider range of sites.
28 An 8 character password (containing any character from decimal ASCII
29 code 1-127) takes approximately 1 minute to crack.
33 cp %{SOURCE0} %{name}.sh
37 rm -rf $RPM_BUILD_ROOT
38 install -d $RPM_BUILD_ROOT%{_bindir}
39 install %{name}.sh $RPM_BUILD_ROOT%{_bindir}/%{name}
42 rm -rf $RPM_BUILD_ROOT
45 %defattr(644,root,root,755)
46 %attr(755,root,root) %{_bindir}/sqlier