Bsqlbf V2, Blind SQL Injection Brute Forcer

June 21, 2008

Bsqlbf was originally written by  A. Ramos from and was intended to exploit blind sql injection against mysql backend database. This is a modified version of the same tool. It supports blind sql injection against the following databases:-





It supports injection in string and integer fields. The feature which separates this tool from all other sql injection tools is that it supports custom SQL queries to be supplied with the -sql switch.  

It supports 2 modes of attack(-type):

Type 0: Blind SQL Injection based on True And Flase response

Type 1: Blind SQL Injection based on True And Error Response(details

Usage: $./ -url -method post -match true -database 0 -sql "select top 1 name from sysobjects where xtype='U'"


Send Your feedbacks/suggestions to sid-at-notsosecure(dot)com 


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.