sqli
SQL injection detection, payloads, union extraction.
Load with: use sqli
Quick example
use sqli
result = sqlii(10)
prn(result)Functions
Payload generators
sqlif()
Performs the operation.
sqlif()
Performs the operation.
sqlif()
Performs the operation.
sqlif()
Performs the operation.
sqlif()
Performs the operation.
sqlif()
Performs the operation.
sqlif()
Performs the operation.
sqlif()
Performs the operation.
Detection
sqlii(response)
Performs the operation. Takes response.
sqlii(url, param)
Performs the operation. Takes url, param.
sqlii(url, param, delay_secs)
Performs the operation. Takes url, param, delay_secs.
Data extraction
sqliu(url, param, max_cols)
Performs the operation. Takes url, param, max_cols.
sqliu(url, param, cols, pos, query)
Performs the operation. Takes url, param, cols, pos, query.
sqliv(url, param, cols, pos)
Performs the operation. Takes url, param, cols, pos.
sqliu(url, param, cols, pos)
Performs the operation. Takes url, param, cols, pos.
Blind extraction
sqlib(url, param, query, bit_pos)
Performs the operation. Takes url, param, query, bit_pos.
WAF bypass
sqliw(payload)
Performs the operation. Takes payload.
SQLMap-style scan
sqlis(url, params)
Returns true/false based on a condition. Takes url, params.
Notes
- SQL injection detection and testing. Use only on systems you own.