Eslam Akl

@eslam3kll

Aug 1, 2022

#bugbountytips #BugBounty (1) Want to detect Error based SQLi easily? I've published one of my private scripts that will help you to do that, just check the thread :)

(2) Simple python script that helps you to detect SQL injection “Error based” by sending multiple requests with different payloads and checking for 152 regex patterns for different databases.
(3) How does it work? It's very simple, just organize your steps as follows:
1. Use your subdomain grabber script or tools.
2. Use your links and URLs tools to grab all Wayback URLs.
3. Use URO tool to filter them and reduce the noise.
(4) 4. Grep to get all the links that contain parameters only. You can use Grep or GF tool.
5. Pass the final URLs file to the tool, and it will test them:
python3 sqli_detector.py <waybackurls_file.txt>
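
The response-checking half of the approach in tweet (2), as an added example that is not the author's script: it matches response bodies against database error signatures and compares each against a baseline response, so a page that merely quotes an error message is not reported. The signature set, function names and sample bodies are assumptions constructed for illustration; they are not the tool's 152 patterns.

```python
import re

# Illustrative signatures only (assumption: not the tool's own 152 patterns).
DB_ERROR_SIGNATURES = {
    "MySQL": [r"You have an error in your SQL syntax",
              r"Warning.{0,80}?\bmysqli?_"],
    "PostgreSQL": [r"unterminated quoted string at or near",
                   r"pg_query\(\).{0,80}?ERROR"],
    "Microsoft SQL Server": [r"Unclosed quotation mark after the character string",
                             r"System\.Data\.SqlClient\.SqlException"],
    "Oracle": [r"\bORA-\d{5}\b"],
    "SQLite": [r"sqlite3\.OperationalError",
               r'near ".{0,80}?": syntax error'],
}
COMPILED = {db: [re.compile(p, re.I | re.S) for p in pats]
            for db, pats in DB_ERROR_SIGNATURES.items()}

def classify_response(body):
    """Return (dbms, matched_text) for the first signature found, else None."""
    for db, patterns in COMPILED.items():
        for pat in patterns:
            m = pat.search(body)
            if m:
                return db, m.group(0)
    return None

def new_db_error(baseline_body, test_body):
    """Flag an error only if the baseline response did not already show one
    for the same DBMS (avoids pages that merely quote error text)."""
    hit = classify_response(test_body)
    base = classify_response(baseline_body)
    if hit is None or (base is not None and base[0] == hit[0]):
        return None
    return hit

# Constructed sample bodies (not captured from any real site).
BASELINE = "<html><h1>Product 42</h1></html>"
MYSQL_ERR = ("<b>Warning</b>: mysqli_query(): You have an error in your SQL "
             "syntax; check the manual near ''' at line 1")
ORACLE_DOC = "<p>Troubleshooting ORA-00933: SQL command not properly ended</p>"

if __name__ == "__main__":
    print(new_db_error(BASELINE, MYSQL_ERR))     # leaked MySQL error
    print(new_db_error(ORACLE_DOC, ORACLE_DOC))  # error text already in baseline
    print(new_db_error(BASELINE, BASELINE))      # clean response
```

The same matcher can run over stored responses from your own application's test suite to catch verbose database errors reaching clients.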
Penetration Tester | Bug Hunter (Google, RedHat, Cisco, IBM, MasterCard, Uber, FIS, Spotify and more) | Author of 10 CVEs | Speaker @BSidesCAIRO