This blog is NOT OFFICIAL website of Kali Linux. We just share Tutorials to learn Cybersecurity.

Advanced SQL Injection In Easy Steps

Home
SQL Injection is a very familiar for every penetration testers.

SQL Injection or SQLi is a  type of an injection attack which makes possible to execute malicious SQL codes. Those codes can control a database server. Attacker can use SQL vulnerabilities to bypass the security of a web application, and they can access the database of web server. This attacks comes in public in the year 1998 in a article in "Phrack" magazine. So we can call it very old vulnerability. New web applications are almost free from SQLi vulnerabilities.

But their are billions of old websites are still have the fault in SQL. Anyone can easily find those websites using "Google dorks".
SQL injection is a very easy attack, even a 4 year old can perfrom this with the help of some automated tool like haviz, but advanced SQL injection is not so easy but here we have a tool that make easy normal and advanced SQL injection quite easy. The name of the tool is LazySQLi.

lazysqli by cipherhexx


This is written in bash and it is very user friendly and easy to use. At first we need to clone this tool from github to do that we open our terminal window and type following command :

git clone https://github.com/cipherhexx/lazySQLi
The following screenshot is the output of preceding command:

cipherhexx github


Now we need to go to the directory by using cd command, and then ls command to see the files in the directory,as following:

cd LazySQLi

The screenshot is following:

lazysqli


Now, we need to give executable permission to the file by using following command:

chmod +x LazySqli

This tool is specially made for Termux environment but we gonna use it in Our Kali Linux system, so we need a little bit configuration. We open the bash script with leafpad by using following command :

leafpad lazySqli

Then we change the first line to #!/bin/bash whatever it is. Check the following screenshot:

lazysqli for linux


Then save the script and close leafpad.

Now run the bash script by using following command:

./lazSQLi

Output of the preceding command is following:

Lazysqli

Now we are going to install the requirements by pressing 1, this is for first run only. This may take some time depending on internet speed.

The screenshot is following:


After successfully installed we need to run again this tool by using ./lazySQLi and select option 2 :

./lazySQLi
The screenshot is following:


lazysqli an advanced sqli tool codded by cipherhexx

Here we can see lots of types are SQL injections are available, normal injection and advanced injection are supported.

Enter our choice (type of injection) and enter vulnerable website and then the automated script will RUN.
author-img
Kali Linux

Comments

11 comments
Post a Comment
  • Unknown photo
    UnknownMarch 26, 2019 at 10:44 PM

    Bhot hard

    Delete Comment
    • smiler kai photo
      smiler kaiJanuary 6, 2020 at 9:21 PM

      Does it still work? , I would like to ask now to know if I should install it,thank for seeing

      Delete Comment
    • smiler kai photo
      smiler kaiJanuary 9, 2020 at 3:18 PM

      and Does it work better than sqlmap?

      Delete Comment
      • Kali Linux photo
        Kali LinuxJanuary 9, 2020 at 6:59 PM

        This uses SQLMap to scan .. just you no need to remember the long commands of SQLMap...

        Delete Comment
      • smiler kai photo
        smiler kaiJanuary 9, 2020 at 4:11 PM

        ./LazySqli: line 68: cd: sqlmap: No such file or directory
        python2: can't open file 'sqlmap.py': [Errno 2] No such file or directory
        Enter the name of the database you got from sqlmap
        is it now admin, and so it is not scanable or i am missing some steps @@

        Delete Comment
        • Kali Linux photo
          Kali LinuxJanuary 9, 2020 at 7:00 PM

          did you installed requirements ?? Real the tutorial carefully..

          Delete Comment
          • smiler kai photo
            smiler kaiJanuary 10, 2020 at 6:42 PM

            yes, I followed the same steps even though I used sqlmap but your cd didn't ... still show the above lines ...

            Delete Comment
            • Kali Linux photo
              Kali LinuxJanuary 10, 2020 at 7:41 PM

              Sorry for the problem Smiler Kali...I don't know you should start an issue in the github page of this tool
              https://github.com/cipherhexx/LazySQLi
              May the developer fix your issue.

              Delete Comment
            • Azlan photo
              AzlanMay 18, 2020 at 6:26 PM

              Direct Fuel-Injection goes above and beyond by putting the injector legitimately in the burning chamber, much the same as a flash fitting.injector cleaner

              Delete Comment
              google-playkhamsatmostaqltradent