A library to simplify SQL injections during CTFs
Project description
SQLInjectLib
Introduction
A library to simplify SQL injections during CTFs
Tutorial
First of all you need to find out the type of injection you need
Union Injection
You need an injection function
An injection function is function that takes an SQL expression as input and returns a string
Example
We need to print all the username in a table of users in a website that is vulnerable to a simple union injection
The website does something like this in the backend
$cursor=query("SELECT name,price FROM cars WHERE name like '%".$_POST["search"]."%') foreach($cursor as $elem) echo $elem[0].",".$elem[1]The website gives us the result 'lol' if we send a string in the search like "42' union select 'lol',4"
Now we need to build our injection function, the library will use our injection function later to extract informations from the database
To do so, we need to:
- create a string that will be sent to the server
- send the string to the server
- parse the response to return the result
def injection(expr): query=f'42" union select {expr},4' response=post(URL,query) return response.split(',')[0]in this case our query string is like the example before but with 'lol' replace with a generic expression
post can be anything that sends our query to the server and returns its response
We need to return the result of our query, in our case response without the second value (4)
Now we need to build our SQLInjector object, in this case we use an UnionInjector object
inject = UnionInjector(union_injection, database_type=MySQL())This object contains all the code we need to have a nice console to use to perform our injection You need to know the database type, in our example we use MySQL
Now to use the object and have our console we use its main method
inject.main()When you run the program an interactive session will be presented
In this console you can execute every SQL query you want plus some special commands
With help you can list these special commands
Warning: if you select a column or a table that does not exist, you could get a python exception and the program may crash
Installation
Install locally with:
python3 -m pip install sqlinjectlib
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file sqlinjectlib-0.1.2.tar.gz.
File metadata
- Download URL: sqlinjectlib-0.1.2.tar.gz
- Upload date:
- Size: 23.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.2.2 CPython/3.10.2 Linux/5.15.0-1022-azure
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 0f48321e8ecfb42dd3eeca13d34cdd7c3c5003bddcfe1d37d1c077f7d9a6417c |
|
| MD5 | 5fe0ab27ce4369868517fab3110ac978 |
|
| BLAKE2b-256 | 1ead0ac6b07527760bf29f459a5f32af3cfd89545b8a60c6d27c2941ba51781c |
File details
Details for the file sqlinjectlib-0.1.2-py3-none-any.whl.
File metadata
- Download URL: sqlinjectlib-0.1.2-py3-none-any.whl
- Upload date:
- Size: 25.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.2.2 CPython/3.10.2 Linux/5.15.0-1022-azure
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 4a0e8491c92e71d34a5cfe4221adc12245d6456637186fd0d98b942600a90846 |
|
| MD5 | 9469abc453f369a0d98898e0bdc70b20 |
|
| BLAKE2b-256 | 6ac420f1152cdceaf4e5a5a5eb66db16fc4a27d05902a997365747a2d14b1a9d |
