Blind UNION-based SQLi with Python. See how Python can beat Burp Suite in brute-forcing speed and boost your hacking efficiency.
Once, I was sharpening my skills on blind SQL injection by enumerating a vulnerable web application. I found the trivial username ‘administrator’ and his password length using conditional statements within the cookie field:
‘ UNION SELECT ‘a’ FROM users WHERE username=’administrator’ AND length(password)=20--
What was the indication that this is a successful SQLi hunt? Let’s see what the BurpSuite Comparer has to offer:
Left — false SQL statement. Right — true SQL statement.
As it usually happens there’s a subtle difference in the web application’s response when testing for the blind SQL injection.
SQL stands for Structured Query Language. SQL is a scripting language expected to store, control, and inquiry information put away in social databases. The main manifestation of SQL showed up in 1974, when a gathering in IBM built up the principal model of a social database. The primary business social database was discharged by Relational Software later turning out to be Oracle.
Python is one of the most go-for languages among the developers due to the availability of open-source libraries and frameworks.
Debug SQL stored procedures and develop your SQL database project with dbForge SQL Complete, a new add-in for Visual Studio and SSMS. When you develop large chunks of T-SQL code with the help of the SQL Server Management Studio tool, it is essential to test the “Live” behavior of your code by making sure that each small piece of code works fine and being able to allocate any error message that may cause a failure within that code.
Python for Ethical Hacking will be discussing on how Python programming can be used for ethical hacking engagement.
In this tutorial, you’re going to learn a variety of Python tricks that you can use to write your Python code in a more readable and efficient way like a pro.