>> Looking for SQL Inj Hacking Guru << Please Look!

As the title suggests, I'm looking for someone who's knowledge is extensive in SQL Injection. This is not a request to find someone to hack some site for me….

I'm developing a software that deals in this area. 70-80% of it I'd say is done, I've waited till I coded a large percent of it until I posted here.

Program Info: Coded in 100% managed C#.Net As of now it is being compiled on .NET 2.0 Framework, but with the intention of being backward compatible to 1.0/1.1. I will compile for those frameworks, upon completion.

Requirements: I'm looking for someone who truly understands SQL weaknesses and how to exploit them. Don't think you're a guru, just because your title says so on HBH. lol. I have some knowledge and have been doing research, but I need an expert, to help write exploits and such.

Knowledge needed: Basic SQL Inj. Blind Injection. Redirection/Reshape query attacks. UNION SELECT exploits.

It would also be helpful if you knew some kind of programming, does not need to be c#, I know many languages. If you know any of: php, vb, c++, java, or any .NET would be great. I know little perl, but its not hard to understand, so if thats your main language, I'm sure its workable…

But for the main part, I need you to handle researching and writing sql exploits, how to detect if sites are vulnerable (ie. do you receive any errors upon injection, are we redirected, etc etc).

I have already programmed several arrays filled with database table names, composed of the most common names, all names found on forums, members areas, users, form data variables. This will all be at your fingertips to work with. I will explain more in private.

I haven't decided if this will be freeware/open source or shareware yet, but if any money $ is made, we will work out an agreement on paper about your percentage.

I'm very easy to work with … very dedicated. Very relaxed, so if you think you'd like to work on a project like this, just send me a message or post a reply.

Screenshots: (So you know this isn't BS) lol

PM me or contact me on MSN/AIM

Sorry double post

PM me and we can talk further over MSN if you wish.

wolfmankurd and i should be able to deal with anything you need help with.

Im pretty good with SQL injecions, its something ive always liked doing. If you need another person, PM me.

Thanks for the replys guys … will contact you soon about more info. Just finishing up some more coding first.

I know c/c++,but doubt I could help you any with the programming(since it looks like you have it covered)but I would be very interested in helping beta test it.

a-hack wrote: I know c/c++,but doubt I could help you any with the programming(since it looks like you have it covered)but I would be very interested in helping beta test it.

That'd be great. I'm gonna be looking to have a few people BETA test it for me as it progresses.

I'd be more than happy to beta test for you, just giv us a pm

If you need any more beta testers would I be more then hapy to help. I am not so good at coding but I can some VB.net, c++, html, php, javascript.

Just a small update for those wondering about this project. I haven't contacted anyone yet about the SQL Inj, help. I've decided to finish everything else in the program before working on that part. Right now I'm working on the scan engine basically, finding the best methods of combining multithreading along with multiple bots/per thread. … It has actually grown quite complex, and making my head hurt. lol Right now I'm coding the proxy tester with it, then will be able to apply pretty much the same class to the attack engine.

Quick Update: This will be most-likely be released as freeware, however if you'd like the source code, all I'll prob be asking is for a tiny* donation due to the amount of hours spent planning, designing, researching, and coding. I think thats pretty reasonable to ask from a broke college kid who lives off Ego's and beer. :D All contibuters will have their names/aliases on the software if desired. *tiny = $2-5 probably … depending on how in depth it gets.

I'll prob be looking for about 2-3 BETA testers, other than the exploit team.