Locked SQLbit: automatize boolean-based blind SQL injections

By itsMe
November 11, 2021 in Pentesting

Followers 0

Start new topic

Recommended Posts

itsMe

Posted November 11, 2021

- Share

Posted November 11, 2021

This is the hidden content, please

SQL Blind Injection Tool

A script for automatizing boolean-based blind SQL injections.
Works with SQLite at least supports using cookies.
It uses bitwise comparisons with multithreading to find cell values instead of binary search, which is more efficient.

It’s able to:

    Search cell values by columns in a table
    Search characters count in a cell by columns in a table
    Search rows count in a table

The search algorithm is shown below.

Knowing the name of its column (‘sqlite_master’ by default in sqlite, for example) and the column name of it (‘name’ in sqlite) you can find values of every cell in every row. And the fastest algorithm for this is checking the binary values of every character in every cell, which can be performed using multiple threads. Considering this, we can send only 7 requests to get the standard 7-bit letter, and using 1000 threads, we get ~142 letters per moment (it’s also worth keeping in mind requests to get the length of a cell value).

This is the hidden content, please

Link to comment

Share on other sites

This topic is now closed to further replies.

Followers 0

Go to topic listing

Similar Content
- Coding for Absolute Beginners - Master the Basics of Computer Programming with Python, Java, SQL EBUP Book
  
  By ~~emad86~~ , April 9, 2023
  - book
  - ebup
  - (and 15 more)
    
    Tagged with:
    
    book
    
    ebup
    
    sql
    
    java
    
    with
    
    computer
    
    basics
    
    the
    
    master
    
    beginners
    
    absolute
    
    for
    
    coding
    
    programming
    
    python
    
    python,
    
    java,
  - 0 replies
  - 180 views
- Bropper: automatic Blind ROP exploitation tool
  
  By itsMe, April 1, 2023
  - bropper:
  - automatic
  - (and 4 more)
    
    Tagged with:
    
    bropper:
    
    automatic
    
    blind
    
    rop
    
    exploitation
    
    tool
  - 0 replies
  - 147 views
- OWASP TOP 10: SQL injection ~ 2023
  
  By itsMe, March 8, 2023
  - owasp
  - top
  - (and 4 more)
    
    Tagged with:
    
    owasp
    
    top
    
    10:
    
    sql
    
    injection
    
    2023
  - 0 replies
  - 150 views
- SQL Login Bypass
  
  By dEEpEst, February 27, 2023
  - sql
  - login
  - (and 1 more)
    
    Tagged with:
    
    sql
    
    login
    
    bypass
  - 0 replies
  - 147 views
- Sqlmap v1.7.2 - automates the process of detecting and exploiting SQL injection flaws
  
  By itsMe, February 2, 2023
  - sqlmap
  - v1.7.2
  - (and 9 more)
    
    Tagged with:
    
    sqlmap
    
    v1.7.2
    
    automates
    
    the
    
    process
    
    detecting
    
    and
    
    exploiting
    
    sql
    
    injection
    
    flaws
  - 0 replies
  - 215 views

Sign In

Locked SQLbit: automatize boolean-based blind SQL injections

Recommended Posts

itsMe

Link to comment

Share on other sites

Similar Content

Coding for Absolute Beginners - Master the Basics of Computer Programming with Python, Java, SQL EBUP Book

Bropper: automatic Blind ROP exploitation tool

OWASP TOP 10: SQL injection ~ 2023

SQL Login Bypass

Sqlmap v1.7.2 - automates the process of detecting and exploiting SQL injection flaws

Browse

Activity

Store

Important Information