Author Topic: SQL Injection Vulnerability in Python  (Read 1755 times)

0 Members and 2 Guests are viewing this topic.

Offline Coto

  • Serf
  • *
  • Posts: 21
  • Cookies: -37
    • View Profile
SQL Injection Vulnerability in Python
« on: February 19, 2016, 04:53:47 pm »
Please use the following template:

[Problem]

I can't get this Python script to work.

[Background]

The Program reads every line from File and checks wether it's vulnerable of SQL Injections or not.

[Things I have tried]

Editing the Code a bit.

[Where I am stuck]

Can't get it to import from URL_list.txt and read each line and perform the check for vulnerability on each line (of the File containing the URLs).

My Python 2.7 Code:

Code: [Select]
import requests

with open("URL_list.txt") as f:
    content = f.readlines()

r = requests.get(content+"'")
if "SQL" in (r.content):
print '\033[1;31mVulnerable!'
else:
print '\033[1;32mFailed.'

Offline deltonos

  • Serf
  • *
  • Posts: 36
  • Cookies: -2
    • View Profile
Re: SQL Injection Vulnerability in Python
« Reply #1 on: February 19, 2016, 05:13:54 pm »
Coto, I´m not a Python expert, but

f = open('url_list.txt', 'r')      <--- I´ll open the file as READ mode, maybe?

regards!

Code: [Select]
import requests

with open("URL_list.txt") as f:
    content = f.readlines()

r = requests.get(content+"'")
if "SQL" in (r.content):
print '\033[1;31mVulnerable!'
else:
print '\033[1;32mFailed.'
[/quote]

Offline Coto

  • Serf
  • *
  • Posts: 21
  • Cookies: -37
    • View Profile
Re: SQL Injection Vulnerability in Python
« Reply #2 on: February 19, 2016, 05:18:59 pm »
Nope, again, still only reading first line.

Offline deltonos

  • Serf
  • *
  • Posts: 36
  • Cookies: -2
    • View Profile
Re: SQL Injection Vulnerability in Python
« Reply #3 on: February 19, 2016, 05:41:27 pm »
Coto, are you trying to check if the string exists in a file or into a http request?

Offline Coto

  • Serf
  • *
  • Posts: 21
  • Cookies: -37
    • View Profile
Re: SQL Injection Vulnerability in Python
« Reply #4 on: February 19, 2016, 06:23:35 pm »
What do you mean?

I'm just trying to make the program check first line, add a ' at the end of it, and if the "SQL" exists in the Page Sources, print "Valid".

If not, print "Failed".

After doing it with the first line, then do it to the second line, third etc.

Offline deltonos

  • Serf
  • *
  • Posts: 36
  • Cookies: -2
    • View Profile
Re: SQL Injection Vulnerability in Python
« Reply #5 on: February 19, 2016, 06:41:48 pm »
I never used "requests", as I understant it is for http requests, here my code adapted to search "cmd" at my imperva-ips logs:


Code: [Select]
file = open("imperva.txt", "r")

tosearch= 'cmd'
str(tosearch)

for line in file:
if tosearch in line:
print line
print '\033[1;31mVulnerable!'

else:
print '\033[1;32mFailed.'

Offline gray-fox

  • Knight
  • **
  • Posts: 208
  • Cookies: 52
    • View Profile
Re: SQL Injection Vulnerability in Python
« Reply #6 on: February 19, 2016, 07:02:03 pm »
Function readlines() puts lines of file to list, so when you do:
Code: [Select]
r = requests.get(content+"'")
You are trying to add string " ' " to a list and request whole list. I wonder how you didn't get error there?
Basically you should do something like this:

Code: [Select]
import requests
with open("URL_list.txt", 'r') as f:
    content = f.readlines()

for url in content:
   #strip() strips newline characters.
    if "SQL" in requests.get(url.strip()+"'").content:
        print '\033[1;31mVulnerable!'
    else:
        print '\033[1;32mFailed.'





Code: [Select]
file = open("imperva.txt", "r")

tosearch= 'cmd'
str(tosearch)

for line in file:
if tosearch in line:
print line
print '\033[1;31mVulnerable!'

else:
print '\033[1;32mFailed.'
Using with statement when opening file is good practise to do because it handles files closing etc.
That..
Code: [Select]
str(tosearch)
..doesn't do anything. Or atleast it doesn't save what it does to anywhere, also it's pointless because 'tosearch' -variable is string already.
« Last Edit: February 19, 2016, 07:26:56 pm by gray-fox »

Offline deltonos

  • Serf
  • *
  • Posts: 36
  • Cookies: -2
    • View Profile
Re: SQL Injection Vulnerability in Python
« Reply #7 on: February 19, 2016, 07:31:40 pm »
Thxs master gray-fox!!!!

I hadn´t touch code for 12 or 14 years (in the past C and at school&Uni Modula-2), only many recycled scripts for Linux (and now python in windows)... that helps me!

Offline Coto

  • Serf
  • *
  • Posts: 21
  • Cookies: -37
    • View Profile
Re: SQL Injection Vulnerability in Python
« Reply #8 on: February 19, 2016, 09:51:09 pm »
Function readlines() puts lines of file to list, so when you do:
Code: [Select]
r = requests.get(content+"'")
You are trying to add string " ' " to a list and request whole list. I wonder how you didn't get error there?
Basically you should do something like this:

Code: [Select]
import requests
with open("URL_list.txt", 'r') as f:
    content = f.readlines()

for url in content:
   #strip() strips newline characters.
    if "SQL" in requests.get(url.strip()+"'").content:
        print '\033[1;31mVulnerable!'
    else:
        print '\033[1;32mFailed.'



Using with statement when opening file is good practise to do because it handles files closing etc.
That..
Code: [Select]
str(tosearch)
..doesn't do anything. Or atleast it doesn't save what it does to anywhere, also it's pointless because 'tosearch' -variable is string already.


Thanks mate, that worked! However, after a few executions of the File, I'm facing this output when I run the .py file from Terminal:

Code: [Select]
Traceback (most recent call last):
  File "rgsr.py", line 7, in <module>
    if "SQL" in requests.get(url.strip()+"'").content:
  File "/usr/lib/python2.7/dist-packages/requests/api.py", line 67, in get
    return request('get', url, params=params, **kwargs)
  File "/usr/lib/python2.7/dist-packages/requests/api.py", line 53, in request
    return session.request(method=method, url=url, **kwargs)
  File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 468, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 576, in send
    r = adapter.send(request, **kwargs)
  File "/usr/lib/python2.7/dist-packages/requests/adapters.py", line 437, in send
    raise ConnectionError(e, request=request)
requests.exceptions.ConnectionError: HTTPConnectionPool(host='www.angelvestgroup.com', port=80): Max retries exceeded with url: /info.php?id=1' (Caused by NewConnectionError('<requests.packages.urllib3.connection.HTTPConnection object at 0x7fa2d5a5ca50>: Failed to establish a new connection: [Errno -2] Name or service not known',))

EDIT: Never mind, after paying close attention to the output, I saw that the link just doesn't exists. Is there a way I can add an elif statement to my Code, to say if the Site doesn't exist at all?
« Last Edit: February 19, 2016, 09:53:25 pm by Coto »

Offline gray-fox

  • Knight
  • **
  • Posts: 208
  • Cookies: 52
    • View Profile
Re: SQL Injection Vulnerability in Python
« Reply #9 on: February 19, 2016, 10:00:41 pm »
EDIT: Never mind, after paying close attention to the output, I saw that the link just doesn't exists. Is there a way I can add an elif statement to my Code, to say if the Site doesn't exist at all?

Learn excpetion handling to catch the exception and then handle it in way you want. https://wiki.python.org/moin/HandlingExceptions

edit: And imo that error seems to state that you made too many requests in too short time and got blocked because of that.
« Last Edit: February 20, 2016, 01:55:36 am by gray-fox »