katana.units.web.basic_sqli — SQL Injection

Basic SQL Injection

This will attempt basic SQL injection of the form ‘ OR 1=1 # with varying quotes, comment techniques, and nested SQL clauses.

It passes a User-Agent to act as a regular Firefox web browser.

This unit inherits from katana.units.web.WebUnit as that contains lots of predefined variables that can be used throughout multiple web units.

Warning

This unit automatically attempts to perform malicious actions on the target. DO NOT use this in any circumstances where you do not have the authority to operate!

class katana.units.web.basic_sqli.Unit(*args, **kwargs)

Bases: katana.units.web.WebUnit

GROUPS = ['web', 'shell', 'basic_sqli']

These are “tags” for a unit. Considering it is a web unit, “web” is included, as well as the tag “shell”, and the name of the unit itself, “basic_sqli”.

PRIORITY = 25

Priority works with 0 being the highest priority, and 100 being the lowest priority. 50 is the default priorty. This unit has a higher priority.

RECURSE_SELF = False

This unit should not recurse on itself.

enumerate()

Yield cases. This function will attempt to generate all of the potential payload options for basic SQL injection, between single-quotes versus double-quotes, MySQL-style comments or SQLite-style comments or for delimeters and even nested SQL clauses.

Returns:A generator, yielding a tuple with the found values (method, action, username, password, payload)

evaluate(case: Any)

Evaluate the target. Attempt to perform SQL injection on the form found on the target web page.

Parameters:case – A case returned by enumerate. For this unit, the enumerate function will offer the HTTP method, action, username and password argument names, as well as the changing SQL injection payload to test against the remote server. Returns:None. This function should not return any data.