Contributor
Redouane NIBOUCHA

Enhancing SQL Injection Support


Mentors
Spencer, Op3n4M3
Organization
Metasploit

Injection attacks are still the most common type of vulnerability found in software, and SQL injection is one of them: it exploits the lack of sanitization of user input when performing database queries. The goal of the project is to enhance SQL injection support in the Metasploit Framework, to make it easier for module writers to implement SQL injection attacks.

In order to accomplish that, I will be implementing the common SQL injection attack types (including blind injections) and adding a level of abstraction, where I handle retrieving the table and column names, and other information, on the different database management systems.

People developing SQL injection exploits with Metasploit will no longer need to implement the binary search required to do blind SQL injection, measure timing in time-based attacks, or prepare a DBMS-dependent query to retrieve the table names.