This is all about creating a tool which can scan a website for SQLi vulnerability.
What Is SQLi
SQL injection is a code injection technique, used to attack data-driven applications, in which nefarious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker). SQL injection must exploit a
security vulnerability in an application’s software, for example, when user input is either incorrectly filtered for string literal
escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack
vector for websites but can be used to attack any type of SQL database.[More]
Things You Need :
1. A Computer
So first of all download Python from here http://python.org/downloads
If you already have then wow! You are amazing????
Now open Python and create a new file.
Type these commands, codes whatever you may say :
import sys, urllib, urllib.request
url = input(“Hi! Input The URL To Check For Its Vulnerability : “)
for carg in sys.argv:
if carg == “-w”
url = sys.argv[a]
b = urllib.request.urlopen(fullurl + “=1\’ or \’1\’ = \’1\””)
body = b.read()
webbody = body.decode(‘utf-8’)
if “You have an error in your SQL syntax” in webbody:
print (“Hell0 ! The URL You Entered Is SQL Injection Vulnerable ! :)”)
print (“Hi ! 🙁 The URL You Entered Is Not A SQLi Vulnerable.”)
Now save the file with name “SQLi.py” You can use any other name !
Now run Command Prompt and type
Enter the URL and check for the SQLi vulnerability
Try it and share your problems if any !
To get latest update Subscribe to our Newsletter