Created SQL Injection (SQLi) Libraries (markdown)
This commit is contained in:
h00die
@@ -0,0 +1,35 @@
|
||||
SQL Injection library support was added in 2020 by @red0xff during the Google Summer of Code.
|
||||
|
||||
# Supported Databases
|
||||
* MySQL/MariaDB (#13596)
|
||||
* SQLite (#13847)
|
||||
* PostgreSQL (#14067)
|
||||
|
||||
# Supported Techniques
|
||||
* Boolean Based Blind
|
||||
* Time Based Blind
|
||||
|
||||
| | MySQL/MariaDB | SQLite | Postgres |
|
||||
|---------------------|---------------|--------|----------|
|
||||
| Boolean Based Blind | X | X | |
|
||||
| Time Based Blind | X | X | |
|
||||
| | | | |
|
||||
|
||||
## How to use in a module
|
||||
|
||||
You'll need to start off by including the library.
|
||||
|
||||
```
|
||||
include Msf::Exploit::SQLi
|
||||
```
|
||||
|
||||
Next we create our SQLi object:
|
||||
|
||||
```
|
||||
sqli = create_sqli(dbms: MySQLi::Common, opts: sqli_opts) do |payload|
|
||||
# Here is where we write in what to do each request using #{payload} as the spot to inject
|
||||
end
|
||||
```
|
||||
|
||||
`dbms` can be set to either `Common` if the DB isn't know, or one of the other databases and methods if it is known ahead of time such as `SQLitei::BooleanBasedBlind`
|
||||
`sqli_opts` is a hash containing all of the options: https://github.com/red0xff/metasploit-framework/blob/master/lib/msf/core/exploit/sqli/common.rb#L10
|
||||
Reference in New Issue
Block a user