Project description

SQLInjectLib

Introduction

A library to simplify SQL injections during CTFs

Tutorial

First of all you need to find out the type of injection you need

Union Injection

You need an injection function

An injection function is function that takes an SQL expression as input and returns a string

Example

We need to print all the username in a table of users in a website that is vulnerable to a simple union injection

The website does something like this in the backend
$cursor=query("SELECT name,price FROM cars WHERE name like '%".$_POST["search"]."%')
foreach($cursor as $elem)
  echo $elem[0].",".$elem[1]
The website gives us the result 'lol' if we send a string in the search like "42' union select 'lol',4"

Now we need to build our injection function, the library will use our injection function later to extract informations from the database

To do so, we need to:

create a string that will be sent to the server

send the string to the server

parse the response to return the result
def injection(expr):
    query=f'42" union select {expr},4'
    response=post(URL,query)
    return response.split(',')[0]
in this case our query string is like the example before but with 'lol' replace with a generic expression

post can be anything that sends our query to the server and returns its response

We need to return the result of our query, in our case response without the second value (4)

Now we need to build our SQLInjector object, in this case we use an UnionInjector object
inject = UnionInjector(union_injection, database_type=MySQL())
This object contains all the code we need to have a nice console to use to perform our injection You need to know the database type, in our example we use MySQL

Now to use the object and have our console we use its main method
inject.main()
When you run the program an interactive session will be presented

In this console you can execute every SQL query you want plus some special commands

With help you can list these special commands

Warning: if you select a column or a table that does not exist, you could get a python exception and the program may crash

Installation

Install locally with:
python3 -m pip install sqlinjectlib

Project details

These details have not been verified by PyPI

Project links

GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Release history Release notifications | RSS feed

This version

0.1.2

Nov 12, 2022

0.1.1

Nov 8, 2022

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

sqlinjectlib-0.1.2.tar.gz (23.4 kB view hashes)

Uploaded Nov 12, 2022 Source

Built Distribution

sqlinjectlib-0.1.2-py3-none-any.whl (25.7 kB view hashes)

Uploaded Nov 12, 2022 Python 3

Hashes for sqlinjectlib-0.1.2.tar.gz

Hashes for sqlinjectlib-0.1.2.tar.gz
Algorithm	Hash digest
SHA256	`0f48321e8ecfb42dd3eeca13d34cdd7c3c5003bddcfe1d37d1c077f7d9a6417c`
MD5	`5fe0ab27ce4369868517fab3110ac978`
BLAKE2b-256	`1ead0ac6b07527760bf29f459a5f32af3cfd89545b8a60c6d27c2941ba51781c`

Hashes for sqlinjectlib-0.1.2-py3-none-any.whl

Hashes for sqlinjectlib-0.1.2-py3-none-any.whl
Algorithm	Hash digest
SHA256	`4a0e8491c92e71d34a5cfe4221adc12245d6456637186fd0d98b942600a90846`
MD5	`9469abc453f369a0d98898e0bdc70b20`
BLAKE2b-256	`6ac420f1152cdceaf4e5a5a5eb66db16fc4a27d05902a997365747a2d14b1a9d`