I got a web-server aka my target which is a shared hosting, contains more than 100 sites on it,it is a windows server, i am still learning a lot of manual sql methods, but i am tired at a particular stage,...
i am willing to find "structure" of the 100 web-sites ,i.e i need to check what are all the sites having "sqli vulnerable" strucutre like this ".php?=", ".aspx?=" or ?= some thing like this,
I do know a few tools out there like accunteix,but it is like a kind of shitty,heard that the target will be getting lot of security notifications when we scan the target and also it is taking too much of time,all i am looking for is a tool where i can input 100's of web-sites as input and crawl the structure of sites,also it should not generate much of notifications on the target,Also it should not take much time like accunteix,..
try other methods, Guest account with remote desktop if the port is open for it(I'm pretty sure a very small amount of people remember to set passwords for the Guest account). Also, if the server's sql database supports dbo, you might be able to execute system commands through injections.
commonly a user of an sql database will use the same password there as in their admin panel, if you can get control of the sql database you can upload files, change tables/columns/user data. believe it or not, you can view other databases in sql injection....
SELECT SCHEMA_NAME FROM information_schema.columns WHERE table_schema = information_schema