Search
Latest topics
Who is online?
In total there are 4 users online :: 0 Registered, 0 Hidden and 4 Guests None
Most users ever online was 38 on Sun Mar 19, 2023 10:07 pm
Most Viewed Topics
Source SQL Injection String Encoder Tool
2 posters
Page 1 of 1
Source SQL Injection String Encoder Tool
Hi Guest!
I've been learning Python for a few days and eventually I release my first tool coded in it. I hope you like it Smile
This tool takes a string as an argument and encode it in a way that will fit in a SQL query.
Code:
Test --> concat(CHAR((20 | 64)),CHAR((68 | 33)),CHAR((82 | 33)),CHAR((80 | 36)),0x00)
The encoding algorithm made by me. Anyway, here it is;
Usage:
Code:
SSE.py [string here]
Screenshot:
[img][You must be registered and logged in to see this link.][/img]
*Drumroll*
CODE:
# -*- coding: cp1254 -*-
import sys
def f(y,z):
"""This function generates a list of numbers.
Those numbers will be equal to 'z' when you 'bitwise or' them with 'y'"""
my_list = range(256)
return filter(lambda x: x | y == z, my_list)
def g(z):
"""This function generates a matrix of f(y,z)"""
my_matrix = list()
for y in range(33,126):
if y != z:
result = f(y,z)
if len(result) > 0:
result.append(y)
my_matrix.append(result)
return my_matrix
def enc(t):
"""Encoding"""
result = "concat("
my_matrix = list()
for c in t:
my_list = g(ord(c))
for i in my_list:
for item in i:
if item != ord(c):
result += "CHAR((" + str(item) + " | " + str(i[-1]) + ")),"
break
break
result += "0x00)"
return result
print '''
Coded by
____ ____ ____ ___ ___ _ _ ____ ____ _ _ ____ ___ ____ _ _
|__/ | | | | | | |__| |___ [__ \_/ [__ | |___ |\/|
| \ |__| |__| | | | | |___ ___] | ___] | |___ | |
||SQL Injection String Encoder||
'''
print enc(sys.argv[1])
I've been learning Python for a few days and eventually I release my first tool coded in it. I hope you like it Smile
This tool takes a string as an argument and encode it in a way that will fit in a SQL query.
Code:
Test --> concat(CHAR((20 | 64)),CHAR((68 | 33)),CHAR((82 | 33)),CHAR((80 | 36)),0x00)
The encoding algorithm made by me. Anyway, here it is;
Usage:
Code:
SSE.py [string here]
Screenshot:
[img][You must be registered and logged in to see this link.][/img]
*Drumroll*
CODE:
# -*- coding: cp1254 -*-
import sys
def f(y,z):
"""This function generates a list of numbers.
Those numbers will be equal to 'z' when you 'bitwise or' them with 'y'"""
my_list = range(256)
return filter(lambda x: x | y == z, my_list)
def g(z):
"""This function generates a matrix of f(y,z)"""
my_matrix = list()
for y in range(33,126):
if y != z:
result = f(y,z)
if len(result) > 0:
result.append(y)
my_matrix.append(result)
return my_matrix
def enc(t):
"""Encoding"""
result = "concat("
my_matrix = list()
for c in t:
my_list = g(ord(c))
for i in my_list:
for item in i:
if item != ord(c):
result += "CHAR((" + str(item) + " | " + str(i[-1]) + ")),"
break
break
result += "0x00)"
return result
print '''
Coded by
____ ____ ____ ___ ___ _ _ ____ ____ _ _ ____ ___ ____ _ _
|__/ | | | | | | |__| |___ [__ \_/ [__ | |___ |\/|
| \ |__| |__| | | | | |___ ___] | ___] | |___ | |
||SQL Injection String Encoder||
'''
print enc(sys.argv[1])
cloud9- Moderator
- Posts : 38
Join date : 2014-04-09
Age : 34
Re: Source SQL Injection String Encoder Tool
Hi, i'm a complete noob at coding. What does this do exactly?
rockit- Noob
- Posts : 7
Join date : 2014-05-27
Re: Source SQL Injection String Encoder Tool
This program manipulates the given string so it wouldn't be recognized. I'll give you more details when I'm on PC (I'm on mobile currently)
Detailed information about encoding: [You must be registered and logged in to see this link.]
Detailed information about encoding: [You must be registered and logged in to see this link.]
cloud9- Moderator
- Posts : 38
Join date : 2014-04-09
Age : 34
Similar topics
» CMD tool to get external and local IPs
» [C#] String Case-Inversion
» SQL injection and Quote escaping
» [C#] String Case-Inversion
» SQL injection and Quote escaping
Page 1 of 1
Permissions in this forum:
You cannot reply to topics in this forum
Tue Feb 02, 2021 7:12 am by manas41
» SQL injection and Quote escaping
Sun Jun 28, 2015 11:42 am by ADS1
» [TUT] Chmod: Files & Permissions [TUT]
Thu Jun 04, 2015 12:45 pm by Guest
» Reaver pixiewps
Thu Jun 04, 2015 12:23 pm by voidfletcher
» How To Crash Someone's Skype in 10 SECONDS
Thu Jun 04, 2015 12:20 pm by voidfletcher
» Internet Security & IP Security (IPSec)
Mon May 18, 2015 9:00 pm by voidfletcher
» [Python] Infinite / Definite File Generator
Mon May 18, 2015 8:58 pm by ADS1
» [C#] String Case-Inversion
Mon May 18, 2015 8:57 pm by ADS1
» Rekall Memory Forensic Framework
Sat May 16, 2015 8:55 pm by ADS1