Results 1 to 3 of 3

Thread: Sql-Drive-By - New software for finding sql vulnerable sites

  1. #1
    Junior Member
    Join Date
    Apr 2013
    Posts
    7

    Sql-Drive-By - New software for finding sql vulnerable sites

    Afternoon guys

    I just finished version 1.0.0 of a program I am calling sql drive by. This program was created when I was teaching a friend about website vulnerabilities and was finding it difficult to find an sql injection vulnerable website to show how to test for the vulnerability. I wanted a program that not only made it easier to find these sites but also emphasizes how many sites out these are still vulnerable to SQLi and why people should be paying more attention to fixing these issues.

    A quick description of its use would be like this:

    python3 sqldriveby.py --term=index.php?id=

    The term can be any dork you can think of and the program will then run through and return a list of pages that look to be possibly vulnerable.

    You can change the depth of search and choose between search engines. Currently yahoo and bing. It also includes an admin page finder.

    You can find my git here:

    https://github.com/Dosk3n/sql-drive-by

    Thanks,

    -D

  2. #2
    Junior Member
    Join Date
    Oct 2016
    Posts
    15
    Hey Dosk3n,

    Thank you for writing this and sharing with everybody. I've just downloaded and am running some now so thought I'd offer a review

    Environment
    > Raspberry Pi 2
    > Internet @ ~250KBps
    > Ethernet - eth0
    > Kali 2 Rolling ARM

    Installation
    Incredibly easy, just follow the instructions on Github. No errors and downloaded fine. Dependencies installed ok.

    Usage
    Very easy to use, straightforward and simple UI that's easy to understand.

    Results
    Unfortunately, I've not yet found any SQL vulnerable websites with the program. Either a good sign of IT security in general or a bad sign for usage - more testing is required. So far, I've tried a depth of up to 3 on both search engines with the term "index.php?id=" (if I get any results after posting, I'll edit / update).

    Tested "find-admin" on a few of my sites and all were found

    Recommendations
    Would be nice to have a verbose mode to see a little bit of what is happening in the background but not overly needed if you understand the theory (or look at the source). No other suggestions

    Tommo
    Last edited by tbdev; 2016-12-06 at 01:57 AM. Reason: Inclusion of OS version

  3. #3
    Junior Member
    Join Date
    Apr 2013
    Posts
    7
    Thank you for the feedback.

    I find that the specific term you are using is probably the most common so its usually the one that is patched the quickest. I have just tested with term "user.php?id=" and it fetched results with a depth of 3. Obviously the higher depth the more results you will return.

    I have started taking notes for the added features for the next versions so I will be sure to add a verbose mode.

    Thanks,

    -D

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •