Squeeza was released as part of SensePost's BlackHat USA 2007 talk on timing and related attacks.
Squeeza is a tool that helps exploit SQL injection vulnerabilities in broken web applications. Its functionality is split into creating data on the database (by executing commands, copying in files, issuing new SQL queries) and extracting that data through various channels (DNS, timing, HTTP error messages). Currently, it supports the following databases: + Microsoft SQL Server
Squeeza is not a tool for finding injection points. That recipe generally starts with 1 x analyst.
- Source Code: GitHub
- License: GPL