Skip to content
/ blind_sqli_extractor Public

Tool to automate the process of exploiting blind SQL injection vulnerabilities.

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Miguer-dev/blind_sqli_extractor

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

26 Commits
.gitignore
.gitignore
 
 
README.md
README.md
 
 
classes.py
classes.py
 
 
main.py
main.py
 
 
structs.py
structs.py
 
 
utils.py
utils.py
 
 

Repository files navigation

Blind SQLi Extractor

This tool was created in order to automate the exploitation of blind SQL injections while I was practicing my scripting with python.

Usage

You need to modify the main.py file to add the injection parameters. image

  • main_url: url of the website, specifically where the exploit is located. It must contain http:// or https://.
  • headers: map with the headers of the request. Include cookies.
  • method:
    • PostRequest()
    • GetRequest()
  • data: in case of a Post type request, add a map with the data to be sent. In case of GET, add a string with the value passed by url.
  • atribute_to_exploit: only add in case of Post, name of the field in data where to add the payload.
  • condition: condition that must be met for the request to be True.
    • TextInCondition(): a specific text is found in the response.
    • StatusEqualCondition(): response status.
  • payload: only one for now ConditionalPayload().
  • num_threads: number of threads to use to make several requests without waiting for responses.

About

Tool to automate the process of exploiting blind SQL injection vulnerabilities.

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Languages