SQL Injection (SQLi) Libraries
h00die edited this page Oct 26, 2020 · 8 revisions
SQL Injection library support was added in 2020 by @red0xff during the Google Summer of Code.
Supported databases:
- MySQL/MariaDB (#13596)
- SQLite (#13847)
- PostgreSQL (#14067)

Supported techniques:
- Boolean Based Blind
- Time Based Blind

| | MySQL/MariaDB | SQLite | Postgres |
|---|---|---|---|
| Boolean Based Blind | X | X | |
| Time Based Blind | X | X | |

You'll need to start off by including the library.
```ruby
include Msf::Exploit::SQLi
```
Next we create our SQLi object:
```ruby
sqli = create_sqli(dbms: MySQLi::Common, opts: sqli_opts) do |payload|
  # Here is where we write what to do on each request, using #{payload} as the spot to inject
end
```
`dbms` can be set to either `Common` if the DB isn't known, or to one of the other databases and methods if it is known ahead of time, such as `SQLitei::BooleanBasedBlind`.

`sqli_opts` is a hash containing all of the options: https://github.com/red0xff/metasploit-framework/blob/master/lib/msf/core/exploit/sqli/common.rb#L10