SQL-nightmare: SQL SERVER Exploitation
SQL Nightmare
An SQL SERVER Exploitation tool
Functions
- Server Directory navigation.
- Server Database Dump.
- Read Server Files.
- Shell spawning.
Download
Use
SQL-nightmare.exe
Input URL Format
http://localhost:1234/index.aspx?param=1 AND 0 union select 1,’rummykhan’,2 –X-
Replace the string/vulnerable column to ‘rummykhan’ and ending comments to –X-
Disclaimer
- This software was written for educational purposes only.
- Don’t use it on any site without prior permission of site owner.
Source: https://github.com/rummykhan/SQL-nightmare
