jSQL Injection Changelog

What's new in jSQL Injection 0.95

Oct 16, 2023
  • Improve prefix and query size
  • Star param * now checks for insertion char
  • Check for multiple star params *
  • Keep console tabs colored until clicked
  • Remove stacktrace from error messages
  • Add Postgres Error strategy Cast:stacked
  • Add Postgres query for reading file
  • Add Postgres system filenames to File list
  • Add SQL Server Stacked strategy
  • Improve DB2 Error strategy detection
  • Improve DB2 queries reliability

New in jSQL Injection 0.94 (Oct 8, 2023)

  • Fix Sleep Time always applied when disabled in Preference
  • Fix URL encoding always applied in path when disabled in Preference
  • Fix strategy Stacked not applied
  • Optimize SQL query (1x character removed)

New in jSQL Injection 0.93 (Oct 8, 2023)

  • Add Boolean no-mode (special use case)
  • Add Preference to disable URL random suffix
  • Fix empty String not possible in SQL Engine
  • Add CTF platforms to Scan list:
  • challenges.ringzer0team.com
  • natas.labs.overthewire.org
  • web.ctflearn.com
  • test.shack2.org
  • 127.0.0.1/sqli-labs

New in jSQL Injection 0.92 (Sep 1, 2023)

  • Add Multibit strategy (3 times faster than Blind)
  • Add Preference to disable strategies
  • Replace Boolean size queries with trail query
  • Optimize SQLite calibrator
  • Add vulnweb, juice.shop, hackthebox URLs to Scan
  • Fix i18n managers tabs
  • Optimize Boolean false positive detection

New in jSQL Injection 0.91 (Aug 14, 2023)

  • Add Stacked strategy
  • Add Stacked mode to Boolean strategies
  • Add Stacked payloads to Error strategies
  • Add file and privilege queries to SQL Engine
  • Improve bulk scan result
  • Improve cookies processing
  • Improve CSRF and Digest handshake processing
  • Improve H2 and PostgreSQL injection
  • Switch PHP SQL shell to mysqli_connect
  • Bugfix: #95426 #95422

New in jSQL Injection 0.90 (Jul 25, 2023)

  • Fix URL encoding during connection test

New in jSQL Injection 0.89 (Jul 24, 2023)

  • Digest authentication client implementation
  • Improved stability and error handling
  • Add item GET to request list (default instead of POST)
  • Fix warning on start

New in jSQL Injection 0.88 (Jul 20, 2023)

  • Add workflow to publish releases with approval
  • Improve unhandled error report and help tooltip wording
  • Upgrade Github Actions and dependencies version
  • Improve test consistency

New in jSQL Injection 0.87 (Jul 13, 2023)

  • Auto inject multipart and cookie params
  • Optimize connection test
  • Restore issue tracking, translation submit, bug report
  • Compatibility for Java 18

New in jSQL Injection 0.86 (Jul 7, 2023)

  • Add colors to logs for tracking boolean queries
  • Support multipart boundary with injection point star (*)

New in jSQL Injection 0.85 (Jul 7, 2023)

  • Compliance to Java 17
  • Switch to native HttpClient

New in jSQL Injection 0.84 (Jul 7, 2023)

  • Integrate Nashorn sandbox for Java 15
  • Fix Mac glitches
  • Restore Scan results
  • Use Java 11 and drop Java 8, 9, 10

New in jSQL Injection 0.83 (Jul 7, 2023)

  • Various new preferences like thread control, User agent, Zip and Dios modes
  • Add 11 database engines: total of 34 engines
  • Multi modules for continous integration
  • Fingerprint, stability and more

New in jSQL Injection 0.82 (Jan 3, 2020)

  • Tampering options against WAF
  • Refactoring for Cloud and multithreading compatibility
  • Restore unhandle exception, translation and issue creation on Github

New in jSQL Injection 0.81 (Jan 3, 2020)

  • Fix multi-params injection,
  • Fix adding items to Scan list,
  • Fix reading from Github (mandatory line feed)
  • Fix various bugs.

New in jSQL Injection 0.80 (Sep 11, 2017)

  • Major release:
  • Test all parameters including JSON,
  • Parse forms and Csrf tokens,
  • Databases: CockroachDB Mckoi Neo4j NuoDB Hana and Vertica,
  • Translation complete: Russian, Chinese.

New in jSQL Injection 0.79 (Apr 10, 2017)

  • New Error Strategies for MySQL and PostgreSQL compatible with Order/Group By
  • Wider range of Characters Insertion including multibyte �
  • Various optimizations and bug fixes

New in jSQL Injection 0.78 (Apr 3, 2017)

  • Major changes:
  • SQL Engine
  • MySQL BIGINT Overflow for MySQL
  • Database flavor: Access
  • Translations: es pt de it nl id
  • GUI improvements
  • This specific commit includes:
  • Update README and Web Services metadata
  • i18n anticipation for SQL Engine and Preferences panels
  • Fix Database Vendor XML for ${RESULT_RANGE} candidates

New in jSQL Injection 0.77 (Sep 5, 2016)

  • JUnit tests for Cubrid, Informix and Ingres
  • Fix nullable result on MySQL newer version
  • Database vendor selection is now exclusive
  • Fix URL decode in Coder manager
  • Fix opened thread when selecting database
  • Optimize multithreading of reading file: process partial result
  • Explicit naming of threads Callable
  • Code design and SonarQube cleaning

New in jSQL Injection 0.76 (Aug 9, 2016)

  • New Czech translation
  • New database SQLite
  • Fix language detection
  • Fix #1654: Report ClassCastException
  • Fix #4301: Unhandled ClassCastException
  • Upgrade to SonarQube 6.0

New in jSQL Injection 0.75 (Aug 2, 2016)

  • Translation and language detection
  • Clean code design and Ui
  • Better multi-threading and multiple injection
  • Fix different injection strategies and SQL vendors
  • Upgrade to Java 7 and compatibility up to Java 9
  • Fix jcifs timeout

New in jSQL Injection 0.74 (Jan 31, 2016)

  • Bugs fixes and code quality:
  • Fix #1500, Fix #1544, Fix #1571, Fix #1617, Fix #1670, Fix #1671, Fix #1683
  • Database vendors as Enum
  • Tests cleaning
  • SonarQube code quality cleaning

New in jSQL Injection 0.73 (Dec 29, 2015)

  • Authentication Basic Digest Negotiate NTLM and Kerberos.
  • Database type selection.
  • Remove Cookie (use Header instead).
  • Fix MySQL error based.

New in jSQL Injection 0.72 (Dec 7, 2015)

  • Fix broken blind and time and some issues : fix #83, fix #82, fix #67, fix #60, fix #46.

New in jSQL Injection 0.71 (Nov 30, 2015)

  • Coder/Bruter for Adler32 Crc16 Crc32 Crc64
  • Format Github reporter
  • Fix header connection test

New in jSQL Injection 0.7.0 (Nov 23, 2015)

  • This version includes :
  • Batch scan
  • Github issue reporter
  • Support 16 db engines
  • Optimized GUI

New in jSQL Injection 0.6.0 (Jan 6, 2015)

  • 10 dbs vendors supported: DB2 Firebird Informix Ingres MaxDb MSSQLServer MySQL Oracle PostgreSQL Sybase
  • JUnit tests
  • No more hex encoding: injection twice as fast
  • log4j and i18n integration
  • and more like sonarqube quality check, design pattern, new font, etc

New in jSQL Injection 0.5 (Oct 3, 2013)

  • SQL shell
  • Uploader

New in jSQL Injection 0.4 (May 22, 2013)

  • Admin page checker
  • Brute forcer
  • Coder (encode decode base64 hex md5...)

New in jSQL Injection 0.3 (Mar 11, 2013)

  • GET, POST, header, cookie methods
  • Normal, error based, blind, time based algorithms
  • Automatic best algorithm selection
  • Thread control (start/pause/resume/stop)
  • Expose URL calls
  • Simple evasion
  • Data retrieving progression bar
  • Proxy setting
  • Distant file reading
  • Webshell deposit
  • Terminal for webshell commands
  • Configuration backup
  • Updates checking
  • Supports MySQL