imgsrc: http://www.insecure.in/images/sql_injection.gif
sqlmap ( http://sqlmap.sourceforge.net/ )
Full support: MySQL, Oracle, PostgreSQL and Microsoft SQL Server.
Partial support for: Microsoft Access, DB2, Informix, Sybase and Interbase.
Safe3 SQL Injector ( http://sourceforge.net/projects/safe3si/files/ )
Full support: MySQL, Oracle, PostgreSQL, MSSQL, ACESS, DB2, Sybase, Sqlite.
SQL Power Injector ( http://www.sqlpowerinjector.com/ )
Supports: Microsoft SQL Server, Oracle, MySQL, Sybase / Adaptive Server and DB2.
Absinthe ( http://www.0x90.org/releases/absinthe/index.php )
Supports: Microsoft SQL Server, MSDE, Oracle, and Postgres.
bsqlbf-v2 ( http://code.google.com/p/bsqlbf-v2/ )
Supports: MySQL, Oracle, PostgreSQL and Microsoft SQL Server.
Marathon Tool ( http://www.codeplex.com/marathontool )
Supports: MySQL, Oracle, Microsoft SQL Server and Microsoft Access.
Havij ( http://itsecteam.com/en/projects.htm )
Supports: MySQL, Oracle, Microsoft SQL Server and Microsoft Access.
pysqlin ( http://code.google.com/p/pysqlin/source/checkout )
Implemented: Oracle, MySQL and Microsoft SQL Server.
BSQL Hacker ( http://labs.portcullis.co.uk/application/bsql-hacker/ )
Implemented: Oracle and Microsoft SQL Server.
Available experimental support for MySQL.
WITOOL ( http://witool.sourceforge.net/ )
Implemented: Oracle and Microsoft SQL Server.
Sqlninja ( http://sqlninja.sourceforge.net/ )
Supports only Microsoft SQL Server.
sqlus ( http://sqlsus.sourceforge.net/ )
Supports only MySQL.
DarkMySQLi16.py ( http://vmw4r3.blogspot.com/ )
Supports only MySQL.
mySQLenum ( http://sourceforge.net/projects/mysqlenum/ )
Supports only MySQL.
PRIAMOS ( http://www.priamos-project.com/ )
Supports only Microsoft SQL Server.
SFX-SQLi ( http://www.kachakil.com/ )
Supports only Microsoft SQL Server.
DarkMySQL ( http://vmw4r3.blogspot.com/ )
Supports only MySQL.
ProMSiD Premium ( http://forum.web-defence.ru/showpost.php?p=12402&postcount=15 )
Supports only MySQL.
yInjector ( http://y-osirys.com/softwares/s-softwares/id10 )
Supports only MySQL.
Bobcat SQL Injection Tool ( http://www.northern-monkee.co.uk/pub/bobcat.html )
Laudanum ( http://sourceforge.net/projects/laudanum/ )
Hexjector ( http://sourceforge.net/projects/hexjector/ )
WebRaider ( http://code.google.com/p/webraider/ )
Supports only Microsoft SQL Server.
Designed to execute commands on the server (reverse shell).
Pangolin ( http://www.nosec.org/2009/0920/74.html )
Pangolin distributed on a commercial basis, but is also available in a free version with limited functionality.
Implemented: Oracle, Microsoft SQL Server 2000/2005, Sybase, Access, Mysql, DB2 and Informix.
Toolza 1.0 (SQL injection supported DB: Mysql, Mssql, Sybase, Postgresql, Access, Oracle, Firebird / Interbase): http://bug-track.ru/prog/toolza1.0.rar
MySQL> = 4.x: https://forum.antichat.ru/threadnav43966-1-10.html
MySQL 3.x: http://forum.antichat.ru/showthread.php?t=20127
MSSQL: http://forum.antichat.ru/thread15087.html
ORACLE: http://forum.antichat.ru/showthread.php?t=40576
PostgreSQL: http://forum.antichat.ru/thread35599.html
MSAccess: http://forum.antichat.ru/thread50550.html
http://devteev.blogspot.com/2010/01/sql-injection.html
http://pentestmonkey.net/cheat-sheets/
source: http://esploit.blogspot.com
sqlmap ( http://sqlmap.sourceforge.net/ )
Full support: MySQL, Oracle, PostgreSQL and Microsoft SQL Server.
Partial support for: Microsoft Access, DB2, Informix, Sybase and Interbase.
Safe3 SQL Injector ( http://sourceforge.net/projects/safe3si/files/ )
Full support: MySQL, Oracle, PostgreSQL, MSSQL, ACESS, DB2, Sybase, Sqlite.
SQL Power Injector ( http://www.sqlpowerinjector.com/ )
Supports: Microsoft SQL Server, Oracle, MySQL, Sybase / Adaptive Server and DB2.
Absinthe ( http://www.0x90.org/releases/absinthe/index.php )
Supports: Microsoft SQL Server, MSDE, Oracle, and Postgres.
bsqlbf-v2 ( http://code.google.com/p/bsqlbf-v2/ )
Supports: MySQL, Oracle, PostgreSQL and Microsoft SQL Server.
Marathon Tool ( http://www.codeplex.com/marathontool )
Supports: MySQL, Oracle, Microsoft SQL Server and Microsoft Access.
Havij ( http://itsecteam.com/en/projects.htm )
Supports: MySQL, Oracle, Microsoft SQL Server and Microsoft Access.
pysqlin ( http://code.google.com/p/pysqlin/source/checkout )
Implemented: Oracle, MySQL and Microsoft SQL Server.
BSQL Hacker ( http://labs.portcullis.co.uk/application/bsql-hacker/ )
Implemented: Oracle and Microsoft SQL Server.
Available experimental support for MySQL.
WITOOL ( http://witool.sourceforge.net/ )
Implemented: Oracle and Microsoft SQL Server.
Sqlninja ( http://sqlninja.sourceforge.net/ )
Supports only Microsoft SQL Server.
sqlus ( http://sqlsus.sourceforge.net/ )
Supports only MySQL.
DarkMySQLi16.py ( http://vmw4r3.blogspot.com/ )
Supports only MySQL.
mySQLenum ( http://sourceforge.net/projects/mysqlenum/ )
Supports only MySQL.
PRIAMOS ( http://www.priamos-project.com/ )
Supports only Microsoft SQL Server.
SFX-SQLi ( http://www.kachakil.com/ )
Supports only Microsoft SQL Server.
DarkMySQL ( http://vmw4r3.blogspot.com/ )
Supports only MySQL.
ProMSiD Premium ( http://forum.web-defence.ru/showpost.php?p=12402&postcount=15 )
Supports only MySQL.
yInjector ( http://y-osirys.com/softwares/s-softwares/id10 )
Supports only MySQL.
Bobcat SQL Injection Tool ( http://www.northern-monkee.co.uk/pub/bobcat.html )
ExploitMyUnion ( http://sourceforge.net/projects/exploitmyunion/ )
Laudanum ( http://sourceforge.net/projects/laudanum/ )
Hexjector ( http://sourceforge.net/projects/hexjector/ )
WebRaider ( http://code.google.com/p/webraider/ )
Supports only Microsoft SQL Server.
Designed to execute commands on the server (reverse shell).
Pangolin ( http://www.nosec.org/2009/0920/74.html )
Pangolin distributed on a commercial basis, but is also available in a free version with limited functionality.
Implemented: Oracle, Microsoft SQL Server 2000/2005, Sybase, Access, Mysql, DB2 and Informix.
MySQL> = 4.x: https://forum.antichat.ru/threadnav43966-1-10.html
MySQL 3.x: http://forum.antichat.ru/showthread.php?t=20127
MSSQL: http://forum.antichat.ru/thread15087.html
ORACLE: http://forum.antichat.ru/showthread.php?t=40576
PostgreSQL: http://forum.antichat.ru/thread35599.html
MSAccess: http://forum.antichat.ru/thread50550.html
http://pentestmonkey.net/cheat-sheets/
source: http://esploit.blogspot.com