**************************************** README FILE *************************************
Product Name: Automated_SQL_Exploit (ExtractDataUsingBlindSqlInjection.py) Authors: Varun Gaur, ASU ID: 1210414176 Shreyas Talele, ASU ID: 1209355546 Date: 29-April-2016 Subject Name: CSE 545 - Software Security Project Name: Blind SQL injection
ABSTRACT This project once deployed based on instructions provided in ReadMe, performs data extraction from vulnerable URL. It is a standalone python program which accept Command Line inputs like vulnerable URL, GET or POST based mode of extraction etc. Program run in two mode
- Fully automated: Here program extract the current user schema details which any user intervention
- User input based extraction: Here program asks for user input to identify which specific data user want to extract like specific scheme User looking for etc.
**************************************** CONTENTS *****************************************
I. DELIVERABLES II. HOW TO EXECUTE PROGRAM III. MINIMUM SYSTEM REQUIREMENTS IV. LIBRARIES REQUIRED V. FEEDBACK & UPDATES
I. DELIVERABLES
Following files are delivered for this project:
- ExtractDataUsingBlindSqlInjection.py
II. HOW TO EXECUTE PROGRAM
LINUX
- Run the above file using following command: python ExtractDataUsingBlindSqlInjection.py
- It will execute above file and will expect from user to provide input.
**** Further details with screenshots are attached in TestCasesReport.pdf file ****
III. MINIMUM SYSTEM REQUIREMENTS
LINUX ¥ Ubuntu 14.04 64-bit ¥ Ubuntu 14.04 32-bit
IV. LIBRARIES REQUIRED ¥ Ubuntu 14.04 64-bit/32-bit ¥ Python 2.7+ ¥ Python libraries : urllib,urllib2
V. FEEDBACK & UPDATES For any updates and feedback, please contact : Varun Gaur (ASU ID : 1210414176), Shreyas Talele (ASU ID: 1209355546)
****************************************** END ***********************************************