Hello, Today we are making a Python MySQL SQL injection checking tool. This is the reason why we have nominated it, your first simple SQL injection screen vulnerability with Python 🙂
It will work on the GET parameters using websites only.
You need to:
- Python 3.4
- Internet connection
- A weak website
- Computer with Windows or Linux
If you have not yet installed the python, download it from the link below:
https://www.python.org/downloads/
Python Basics
It has been written in Python C, it is one of the easiest programming languages for hacking tools, it contains a lot of very useful Libs, today, we will use 1 of them,
Finding a Website to Test
To use simple SQL Dork, you can easily find a website, such as Inirlin: "index.php? Cat_id =" You can see a weak site dump on the web
Step by step code check your first simple SQLi vulnerability with Python:
Before starting coding, create a new .py file
Importing of main libraries
This time we will use the sys, urlib, and urllib.request module, so import the imports, urlib, urllib.request or import sys, import urlib and import urlib.request into the new line and import those 3
Codify your first simple SQL probe vulnerability with Python
Explanation: 'Import' libraries are used to import, such as urllib or os, systems
Selecting input type
Now we need to choose the input type, first one is very easy, the second one is hard. This time we will use the first one, but it does not affect the other lines of code
1) Use the input ("") command to get user input. This time it will be:
fullurl = input ("specify full weak url:")
Codify your first simple SQL checking vulnerability with Python
Explanation: 'variable = input' ('Input:') 'User Input' sets' var 'variable', the text viewed by user on 'Input:' input line is
2) Use the logic to specify the data:
For Karag in sys.argv:
If carg == "-w":
argnum = sys.argv.index (carg)
argnum + = 1
Absolute = sys.argv [argnum]
Codify your first simple SQL checking vulnerability with Python
Explanation: 'If' is a well-known macro stanement right now, we are using it to determine the curant arg, the second line - indicates the second argument, 'in' - if a string is specified in one Checks the text
Coding program to a web request
This is the most important part.
resp = urllib.request.urlopen (fullslural + "= 1 \ 'or \' 1 \ '= \' 1 \ ')"
Body = resp.read ()
Furnishth = body.decode ('utf-8')
Codify your first simple SQL probe vulnerability with Python
Explanation: resp variable response response, body - feedback text, full speech - decode request request is set to text, '+' is an additional variable on Python, \ escape character
Creating a program to set goals is whether the goal is weak or not
Now, after we have a response, we have to check whether there are SQL errors in it or not.
We will use this code for:
If there is "an error in your SQL syntax" in full:
Print ("Website Classic SQL Injection Is Weak!")
other:
Print ("Website classic SQL injection is not weak!")
Codify your first simple SQL checking vulnerability with Python
Explanation: If the response is specified in the text or not, then we use the 'macro'.
Scanner with the first type of user input received
Codify your first simple SQL checking vulnerability with Python
With another type
Codify your first simple SQL probe vulnerability with Python
So yes, that's it!
Save the file, open the CMD and the 'Python filename' and input the requested information; If you were using the second method, use 'Python filenamy.py -w website'. It will check that the site's weak 🙂
The copied code can not work, please rewrite it in your file 🙂
If you had errors in syntax
Unexpected confirmation appears when there are problems with the tabs.
Problems with syntax are mostly visible on problems with macros. If this error occurred, please check the validity of your macro.How to Stop Simple SQL Injection
To prevent SQLi on mysql is very simple, just use the mysql_real_escape string for query, as an example:
$ query = sprintf ("Select * from user where user = '% s' and password = '% s',
mysql_real_escape_string ($ username)
mysql_real_escape_string ($ password)
Advice: After taking success on this scanner, try to exploit a heart 🙂
Good luck!
It will work on the GET parameters using websites only.
You need to:
- Python 3.4
- Internet connection
- A weak website
- Computer with Windows or Linux
If you have not yet installed the python, download it from the link below:
https://www.python.org/downloads/
Python Basics
It has been written in Python C, it is one of the easiest programming languages for hacking tools, it contains a lot of very useful Libs, today, we will use 1 of them,
Finding a Website to Test
To use simple SQL Dork, you can easily find a website, such as Inirlin: "index.php? Cat_id =" You can see a weak site dump on the web
Step by step code check your first simple SQLi vulnerability with Python:
Before starting coding, create a new .py file
Importing of main libraries
This time we will use the sys, urlib, and urllib.request module, so import the imports, urlib, urllib.request or import sys, import urlib and import urlib.request into the new line and import those 3
Codify your first simple SQL probe vulnerability with Python
Explanation: 'Import' libraries are used to import, such as urllib or os, systems
Selecting input type
Now we need to choose the input type, first one is very easy, the second one is hard. This time we will use the first one, but it does not affect the other lines of code
1) Use the input ("") command to get user input. This time it will be:
fullurl = input ("specify full weak url:")
Codify your first simple SQL checking vulnerability with Python
Explanation: 'variable = input' ('Input:') 'User Input' sets' var 'variable', the text viewed by user on 'Input:' input line is
2) Use the logic to specify the data:
For Karag in sys.argv:
If carg == "-w":
argnum = sys.argv.index (carg)
argnum + = 1
Absolute = sys.argv [argnum]
Codify your first simple SQL checking vulnerability with Python
Explanation: 'If' is a well-known macro stanement right now, we are using it to determine the curant arg, the second line - indicates the second argument, 'in' - if a string is specified in one Checks the text
Coding program to a web request
This is the most important part.
resp = urllib.request.urlopen (fullslural + "= 1 \ 'or \' 1 \ '= \' 1 \ ')"
Body = resp.read ()
Furnishth = body.decode ('utf-8')
Codify your first simple SQL probe vulnerability with Python
Explanation: resp variable response response, body - feedback text, full speech - decode request request is set to text, '+' is an additional variable on Python, \ escape character
Creating a program to set goals is whether the goal is weak or not
Now, after we have a response, we have to check whether there are SQL errors in it or not.
We will use this code for:
If there is "an error in your SQL syntax" in full:
Print ("Website Classic SQL Injection Is Weak!")
other:
Print ("Website classic SQL injection is not weak!")
Codify your first simple SQL checking vulnerability with Python
Explanation: If the response is specified in the text or not, then we use the 'macro'.
Scanner with the first type of user input received
Codify your first simple SQL checking vulnerability with Python
With another type
Codify your first simple SQL probe vulnerability with Python
So yes, that's it!
Save the file, open the CMD and the 'Python filename' and input the requested information; If you were using the second method, use 'Python filenamy.py -w website'. It will check that the site's weak 🙂
The copied code can not work, please rewrite it in your file 🙂
If you had errors in syntax
Unexpected confirmation appears when there are problems with the tabs.
Problems with syntax are mostly visible on problems with macros. If this error occurred, please check the validity of your macro.How to Stop Simple SQL Injection
To prevent SQLi on mysql is very simple, just use the mysql_real_escape string for query, as an example:
$ query = sprintf ("Select * from user where user = '% s' and password = '% s',
mysql_real_escape_string ($ username)
mysql_real_escape_string ($ password)
Advice: After taking success on this scanner, try to exploit a heart 🙂
Good luck!
Much about Technology and a bit about Everything. We provide high quality of Information and tips tricks than bookmark us.updates daily.Have a Visit.
No comments:
Post a Comment