Sqlninja is a tool targeted to exploit SQL Injection vulnerabilities
on a web application that uses Microsoft SQL Server as its
back-end. Its main goal is to provide a remote access on the
vulnerable DB server, even in a very hostile environment. It should
be used by penetration testers to help automate the process of
taking over a DB Server when a SQL Injection vulnerability has been
discovered.
Since version 0.2.5, sqlninja will upload .exe files by default
instead of .scr ones. If you want to upload .scr files instead,
the original sqlninja files are distributed in:
/usr/lib$LIBDIRSUFFIX/sqlninja/scripts/
Raul Siles' patch for better Metasploit Framework interaction has been
discontinued since it was released for an old version of sqlninja
only. The patch added two new timers ($client_delay (30 secs) and
$server_delay (5 secs)) to use within sqlninja. Since it could be
still somehow handy it has been included in the package documentation
directory.