Advanced SQL Injection In Easy Steps

SQL Injection is very familiar to every penetration tester.

SQL Injection, or SQLi, is a type of injection attack that makes it possible to execute malicious SQL code. That code can control a database server. An attacker can use SQL vulnerabilities to bypass the security of a web application and access the database of the web server. This attack became public in 1998 in an article in "Phrack" magazine, so we can call it a very old vulnerability. New web applications are almost free from SQLi vulnerabilities.
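
An added example, not part of the original post or of the LazySQLi tool: it shows how the flaw described above arises when user input is concatenated into a query, and how a parameterized query closes it. The table, the function names and the sample credentials are constructed for illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory database holding one constructed sample account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 's3cret')")  # constructed data
    return db

def login_vulnerable(db, name, password):
    # Flawed: input is pasted into the SQL text, so a quote character in the
    # input changes the structure of the query itself.
    query = ("SELECT COUNT(*) FROM users WHERE name = '" + name +
             "' AND password = '" + password + "'")
    return db.execute(query).fetchone()[0] > 0

def login_parameterized(db, name, password):
    # Fixed: placeholders keep input as data; it is never parsed as SQL.
    query = "SELECT COUNT(*) FROM users WHERE name = ? AND password = ?"
    return db.execute(query, (name, password)).fetchone()[0] > 0

def try_login(check, db, name, password):
    """Run one login check; report a broken query instead of crashing."""
    try:
        return check(db, name, password)
    except sqlite3.OperationalError:
        return "sql error"

def demo():
    db = make_db()
    crafted = "' OR '1'='1"  # textbook input that rewrites the WHERE clause
    results = {}
    for label, check in (("vulnerable", login_vulnerable),
                         ("parameterized", login_parameterized)):
        results[label] = {
            "correct password": try_login(check, db, "alice", "s3cret"),
            "crafted password": try_login(check, db, "alice", crafted),
            # A legitimate apostrophe is enough to break the concatenated query.
            "name with apostrophe": try_login(check, db, "o'brien", "x"),
        }
    return results

if __name__ == "__main__":
    for label, cases in demo().items():
        for case, outcome in cases.items():
            print(f"{label:14} {case:22} -> {outcome}")
```

The SQL error raised by an ordinary apostrophe is also the symptom to look for in application logs when auditing old code for concatenated queries.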

But there are billions of old websites that still have SQL flaws. Anyone can easily find those websites using "Google dorks".
SQL injection is a very easy attack; even a 4 year old can perform it with the help of an automated tool like Havij. Advanced SQL injection is not so easy, but here we have a tool that makes both normal and advanced SQL injection quite easy. The name of the tool is LazySQLi.

[Image: lazysqli by cipherhexx]


The tool is written in bash, and it is very user friendly and easy to use. First we need to clone it from GitHub. To do that, we open a terminal window and type the following command:

git clone https://github.com/cipherhexx/lazySQLi

The following screenshot shows the output of the preceding command:

[Screenshot: cipherhexx github]


Now we need to go to the directory using the cd command, and then use the ls command to see the files in the directory, as follows:

cd lazySQLi
ls

The screenshot follows:

[Screenshot: lazysqli]


Now we need to give the file executable permission using the following command:

chmod +x lazySQLi

This tool is specially made for the Termux environment, but we are going to use it on our Kali Linux system, so we need a little configuration. We open the bash script with leafpad using the following command:

leafpad lazySQLi

Then we change the first line to #!/bin/bash, whatever it currently is. Check the following screenshot:

[Screenshot: lazysqli for linux]


Then save the script and close leafpad.

Now run the bash script using the following command:

./lazySQLi

The output of the preceding command follows:

[Screenshot: Lazysqli]

Now we are going to install the requirements by pressing 1; this is needed for the first run only. This may take some time depending on internet speed.

The screenshot follows:


After the installation succeeds, we need to run the tool again using ./lazySQLi and select option 2:

./lazySQLi

The screenshot follows:

[Screenshot: lazysqli, an advanced sqli tool coded by cipherhexx]

Here we can see that many types of SQL injection are available; both normal injection and advanced injection are supported.

We enter our choice (the type of injection) and the vulnerable website, and then the automated script will run.

Reviewed by Kali Linux on March 26, 2019
