Hey ^^
I am kinda new here but I wanted to share with you what I have been working on this last month or so.
It's 2 projects and in this thread I will talk about SpotnikInjection. It's a local website that can do a GET
and POST attack. It can do this by looping through all possible characters and sending the requests
with curl. I will include two tutorials at the bottom of this post with a GET and POST example on how you
can use this.
You have two steps. In the first step you will define what a good and a bad response is (for the software
to know the difference at step 2) and the second step you will systematically go through the SQL attack
phases. You start by checking if you can retrieve simple data. Then you will retrieve the databases, tables,
columns and lastly the rows.
You can download the obfuscated version for FREE at my website https://spotniksignal.com/. It's kind of
a weird website but I know you will be able to figure it out haha. You can also send me an e-mail if you
wish to buy the source code (it's not super pretty, hobby project). E-mail: electricalyellowbeam@dnmx.org
I also was thinking of implementing a faster method by being able to update content on a given website, to
retrieve the data. That will be included in the pro version if people are interested. You btw only need an
apache local server and curl installed. And don't forget to give write permission to the files in the docs folder!
If you have any questions feel free to ask ^^ and I hope I can contribute more in the future.
GET tutorial:
POST tutorial:
I am kinda new here but I wanted to share with you what I have been working on this last month or so.
It's 2 projects and in this thread I will talk about SpotnikInjection. It's a local website that can do a GET
and POST attack. It can do this by looping through all possible characters and sending the requests
with curl. I will include two tutorials at the bottom of this post with a GET and POST example on how you
can use this.
You have two steps. In the first step you will define what a good and a bad response is (for the software
to know the difference at step 2) and the second step you will systematically go through the SQL attack
phases. You start by checking if you can retrieve simple data. Then you will retrieve the databases, tables,
columns and lastly the rows.
You can download the obfuscated version for FREE at my website https://spotniksignal.com/. It's kind of
a weird website but I know you will be able to figure it out haha. You can also send me an e-mail if you
wish to buy the source code (it's not super pretty, hobby project). E-mail: electricalyellowbeam@dnmx.org
I also was thinking of implementing a faster method by being able to update content on a given website, to
retrieve the data. That will be included in the pro version if people are interested. You btw only need an
apache local server and curl installed. And don't forget to give write permission to the files in the docs folder!
If you have any questions feel free to ask ^^ and I hope I can contribute more in the future.
GET tutorial:
POST tutorial: