Nmap Development mailing list archives
[NSE] http-blindsql-injection.nse
From: George Chatzisofroniou <sophron () latthi com>
Date: Thu, 5 Sep 2013 20:04:23 +0300
The attached script finds blind SQL injections using two common methods: Content-based and Time-based. You can disable a technique with the use of the 'timebased' and 'contentbased' options. More info about the techniques: https://www.owasp.org/index.php/Blind_SQL_Injection

The script, by default, checks for SQLi on both URLs and forms, unless you don't want to, in which case you can use the 'checkurls' and 'checkforms' boolean options. There is also a 'singlepages' option to test it against specific pages and a 'diffratio' option to manually set the least ratio of content length difference between the HTML responses when testing for content-based blind SQLi.

You run it like this:

./nmap -p80 -n -Pn --script http-blindsql-injection some-random-page.com

And the output looks like this:

PORT   STATE SERVICE REASON
80/tcp open  http    syn-ack
| http-blindsql-injection:
|   Found the following possible blind SQL injection vulnerabilities:
|
|     Path: http://some-random-page.com:80/
|     Field: password
|     Method: POST
|     Submission: http://some-random-page.com:80//search.php
|
|     SQLi: 1' or SLEEP(10) and '1'='1
|     Time difference: 8.0084838867188
|
|     SQLi true response: 1' OR '1'='1
|     SQLi false response: 1' AND '1'='2
|_    Responses diff ratio: 0.25

I've tested it against a simple web app of my own and it worked well.

Hope you like it,

--
George Chatzisofroniou
Attachment: http-blindsql-injection.nse
_______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
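The two probing methods the script uses (a true/false tautology pair whose responses are compared, and a SLEEP() payload whose delay is measured) leave a recognisable footprint on the server side. The following Python is an added example, not part of the post or of the NSE script, that flags both probe types in web-server access logs; the log format (Apache combined with the request duration in microseconds appended) and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Constructed sample: Apache "combined" log with the request duration in
# microseconds (%D) appended as the last field. Not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [05/Sep/2013:20:04:23 +0300] "GET /search.php?q=nmap HTTP/1.1" 200 512 "-" "Mozilla/5.0" 1200
10.0.0.5 - - [05/Sep/2013:20:04:24 +0300] "GET /search.php?q=1%27+OR+%271%27%3D%271 HTTP/1.1" 200 2048 "-" "Mozilla/5.0" 1300
10.0.0.5 - - [05/Sep/2013:20:04:25 +0300] "GET /search.php?q=1%27+AND+%271%27%3D%272 HTTP/1.1" 200 512 "-" "Mozilla/5.0" 1250
10.0.0.5 - - [05/Sep/2013:20:04:36 +0300] "GET /search.php?q=1%27+or+SLEEP%2810%29+and+%271%27%3D%271 HTTP/1.1" 200 512 "-" "Mozilla/5.0" 10008483
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d+) (?P<size>\d+) "[^"]*" "[^"]*" (?P<us>\d+)$')
# Probe signatures modelled on the payloads shown in the post's output.
TIME_RE = re.compile(r"\bsleep\s*\(\s*(\d+)\s*\)", re.I)      # 1' or SLEEP(10) and '1'='1
TRUE_RE = re.compile(r"'\s*or\s+'1'\s*=\s*'1", re.I)          # 1' OR '1'='1
FALSE_RE = re.compile(r"'\s*and\s+'1'\s*=\s*'2", re.I)        # 1' AND '1'='2

def scan_log(text):
    """Return one finding per detected blind-SQLi probe, in log order."""
    findings = []
    seen = {}  # (client ip, path) -> which halves of the true/false pair were seen
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        target = unquote_plus(m["target"])   # decode %27, + etc. before matching
        path = urlsplit(target).path
        key = (m["ip"], path)
        t = TIME_RE.search(target)
        if t:
            asked_us = int(t.group(1)) * 1_000_000
            # A stall close to the requested SLEEP means the payload was executed
            # (the post reports an ~8 s difference for SLEEP(10)); 80% is a tolerance.
            honoured = int(m["us"]) >= 0.8 * asked_us
            findings.append({"ip": m["ip"], "path": path,
                             "technique": "time-based", "delay_honoured": honoured})
        if TRUE_RE.search(target):
            seen.setdefault(key, set()).add("true")
        if FALSE_RE.search(target):
            seen.setdefault(key, set()).add("false")
        if seen.get(key) == {"true", "false"}:   # both halves of a content-based pair
            findings.append({"ip": m["ip"], "path": path,
                             "technique": "content-based", "delay_honoured": None})
            seen[key] = set()                    # report each pair once
    return findings
```

A time-based finding with delay_honoured set is the one worth paging on: the server actually slept, so the injection point is live rather than merely probed.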