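Blind SQL Injection Tool - BlindSQLInjector v1.0.0
Posted by: wpulog | Published: July 26, 2010
BlindSQLInjector is a blind SQL injection tool that currently supports only MS SQL Server. It relies on time differences to distinguish true conditions from false ones and extract data. The tool's key feature is that it uses a binary search mechanism to reduce the character search address space, which means only 7 to 8 requests are needed to obtain the value of a character. BlindSQLInjector v1.0.0 has now been released, and its main changes are as follows: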
•Corrected another URL line parsing issue
•Added context menu to the schema tree view
•Changed the tree view from the standard one to the Multi-Select Tree view (https://sourceforge.net/projects/mstreeview)
•Improved unique tagging of tree view nodes
•Added new window to allow the configuration of the data extraction e.g. number of rows etc
•Added new window (Data) to display extracted data. The data can be accessed via the context menu item on the table tree view node (Show data) or by double clicking the table tree view node
•Added the ability to export data via the Data window. The data export works in both append and overwrite modes
•Separated enumeration and data extraction code
•Implemented global singleton to hold the schema and current state
•Fixed column length enumeration
•Modified to allow the user to export the extracted data by right clicking on a table and selecting the appropriate context menu item. This function works the same as the functionality provided by the Data window
•Modified the project load/save to include the enumeration types e.g. server version, DB name, current user, table names, column names, column types, column lengths
•Removed the “;” from all of the SQL statements used by the application, so now you must complete the statement e.g. SELECT * FROM Users WHERE UserId = 1; (Note the semicolon at the end)
•Moved the Test function to a separate object e.g. Implements the Action abstract class
•Modified the data extraction window to allow the user to select which columns to extract data for
•Removed the requirement to extract the column type before the column length
•Added the ability to enumerate columns for specific tables, so now you can enumerate tables, then right click on the interesting tables, and select Enumerate Columns
•Modified to stop the schema tree view disappearing when any form of enumeration starts
•Added the ability to use Save As functionality for the project file, so once the project file is loaded or previously saved, you can just hit the Save menu item and it will overwrite the file without having to reselect it
•Added tool bar buttons to allow the loading and saving of the project
•It now alerts the user if the project has changed and needs saving. The title bar text will change to “BlindSQLInjector *” if the project needs saving.
•Modified the form closing event to prompt the user if the project needs saving
•Bumped to version 1.0.0
More information about the tool and download link: http://www.woany.co.uk/news/blindsqlinjector-v1-0-0/
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
BlindSQLInjector is an application to perform completely blind SQL injection. Currently it only supports MS SQL Server. It uses time based inference to determine true or false conditions to extract data. The key feature is that it uses a binary search mechanism to reduce the character search address space; this means it can get each character value within 7 to 8 requests.
Get more: http://www.woany.co.uk/news/blindsqlinjector-v1-0-0/
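Added example (not part of the original post or the tool's code): because time-based inference answers each true/false question through a delayed or undelayed response, this kind of traffic appears in server logs as one client sending many requests to one endpoint with response times in two tight clusters. The Python below flags that pattern; the log format, the thresholds and the sample lines are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample lines in a hypothetical "<client> <path> <response_ms>" format.
SAMPLE = (
    [f"10.0.0.5 /item {ms}" for ms in (38, 5041, 41, 5037, 5044, 36, 40, 5039)]
    + [f"10.0.0.9 /item {ms}" for ms in (35, 42, 39, 120, 44, 37, 41, 40)]
    + [f"10.0.0.7 /report {ms}" for ms in (900, 1400, 2100, 2900, 3600, 4300, 5100)]
)

def parse(lines):
    """Group response times by (client, path); malformed lines are skipped."""
    groups = defaultdict(list)
    for line in lines:
        parts = line.split()
        if len(parts) != 3 or not parts[2].isdigit():
            continue
        groups[(parts[0], parts[1])].append(int(parts[2]))
    return groups

def is_bimodal(times, min_gap_ms=2000, min_cluster=2):
    """True when latencies split into a fast and a slow cluster separated by a
    gap that is large and much wider than the spread inside either cluster.
    min_gap_ms and the 3x factor are assumed tuning values, not measured ones."""
    ts = sorted(times)
    if len(ts) < 2 * min_cluster:
        return False
    # Largest jump between neighbouring sorted latencies marks the cluster split.
    gap, i = max((ts[k + 1] - ts[k], k) for k in range(len(ts) - 1))
    fast, slow = ts[: i + 1], ts[i + 1:]
    if len(fast) < min_cluster or len(slow) < min_cluster:
        return False
    spread = max(fast[-1] - fast[0], slow[-1] - slow[0])
    return gap >= min_gap_ms and gap > 3 * spread

def flag_timing_probes(lines, min_requests=7):
    """Return (client, path) pairs whose latency pattern fits time-based inference.
    min_requests=7 follows the page's figure of 7 to 8 requests per character."""
    return sorted(key for key, times in parse(lines).items()
                  if len(times) >= min_requests and is_bimodal(times))

if __name__ == "__main__":
    for client, path in flag_timing_probes(SAMPLE):
        print(f"possible time-based blind SQL injection probing: {client} -> {path}")
```

A single slow outlier (10.0.0.9) and a uniformly slow endpoint (10.0.0.7) are not flagged, since neither forms two tight clusters.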