11-05-2021, 12:12 PM
BEEP BEEP
-- Transmission Received / SpotnikInjection --
Hey everybody!
Here I will explain a hobby tool I recently made called SpotnikInjection. I made it to learn more about SQL injection
in a fun way and the logic is based on some techniques I have used on live sites and wanted to automate.
How does it work
It can handle GET and POST requests. If you have a website like "example.com/index.php?id=1" then sometimes
you can do "id=1 and 1 = 1". If this still shows the correct page and "id=1 and 1 = 2" shows something else, then
you can use this tool (if there is no WAF). You can also inject this logic with POST requests. If all goes well then
you should be able to retrieve the databases/tables/columns and rows! It will be saved to an XML file.
Requirements
- Local Apache server with PHP
- Curl (I am on Linux and it's installed by default)
- Write permission on the txt files in the docs folder
Tutorials
I've made two tutorial video's to have a more visual explanation of how it can be used ^^
GET:
POST:
Download
You can download the obfuscated version for FREE on my website. I also was planning to implement an
update feature (using update queries to change HTML content to have a faster loop) and I will make this
a PRO version. If you want the source then you can contact me on my e-mail.
Site:
Image
Feedback
Any feedback and/or possible cool features are always welcome! and if you have any questions or want
some help with other stuff, feel free to message me ^^ Use this tool at own risk, I am not responsible for
your actions. Read the disclaimer provided with the tool carefully!
-- Transmission ended --
EDIT: proof of virustotal:
-- Transmission Received / SpotnikInjection --
Hey everybody!
Here I will explain a hobby tool I recently made called SpotnikInjection. I made it to learn more about SQL injection
in a fun way and the logic is based on some techniques I have used on live sites and wanted to automate.
How does it work
It can handle GET and POST requests. If you have a website like "example.com/index.php?id=1" then sometimes
you can do "id=1 and 1 = 1". If this still shows the correct page and "id=1 and 1 = 2" shows something else, then
you can use this tool (if there is no WAF). You can also inject this logic with POST requests. If all goes well then
you should be able to retrieve the databases/tables/columns and rows! It will be saved to an XML file.
Requirements
- Local Apache server with PHP
- Curl (I am on Linux and it's installed by default)
- Write permission on the txt files in the docs folder
Tutorials
I've made two tutorial video's to have a more visual explanation of how it can be used ^^
GET:
POST:
Download
You can download the obfuscated version for FREE on my website. I also was planning to implement an
update feature (using update queries to change HTML content to have a faster loop) and I will make this
a PRO version. If you want the source then you can contact me on my e-mail.
Site:
[To see links please register here]
Non javascript site:[To see links please register here]
Contact: see site or pm.Image
Feedback
Any feedback and/or possible cool features are always welcome! and if you have any questions or want
some help with other stuff, feel free to message me ^^ Use this tool at own risk, I am not responsible for
your actions. Read the disclaimer provided with the tool carefully!
-- Transmission ended --
EDIT: proof of virustotal: