This Python script demonstrates an SQL
injection exploit. It exploits a vulnerability in a target API
endpoint to retrieve sensitive information by injecting malicious SQL
queries.
- Ensure that Python3 is installed on your system.
- Install the required dependencies by running the following command:
pip install requests
- Open the
sql-inject.py
file and replace the IP address (10.10.10.10
) in the URL with the target API endpoint. - Run the script using the following command:
python3 sql-inject.py
The script will execute the exploit and display the results.
USE AT YOUR OWN RISK! This script is provided for educational purposes only. It is essential to obtain proper authorization before conducting any security testing on systems you do not own. The author and OpenAI disclaim any responsibility for misuse or damage caused by this script.
- Exploits an SQL injection vulnerability in the target API endpoint.
- Retrieves sensitive information by injecting malicious SQL queries.
- Implements a simple retry mechanism to bypass Web Application Firewalls (WAFs).
- Discovers the target domain and Domain SID using UNION-based SQL injection.
- Enumerates user accounts associated with the Domain SID.
- Utilizes hexadecimal encoding and Unicode escape sequences for payload injection.
- This script assumes a specific vulnerability and may not work against all SQL injection scenarios.
- It is designed for educational purposes and may require modifications for use in real-world scenarios.
- Use with caution and only on systems where you have proper authorization.
This script was created by David Forsythe.