Author is not responsible for any damage or illegal actions caused by the use of this program.
Use on your own risk!
Use on your own risk!
SQL injection is yet another common vulnerability that is the result of lax input validation. Unlike cross-site scripting vulnerabilities that are ultimately directed at your site’s visitors, SQL injection is an attack on the site itself—in particular its database. The goal of SQL injection is to insert arbitrary data, most often a database query, into a string that’s eventually executed by the database. The insidious query may attempt any number of actions, from retrieving alternate data, to modifying or removing information from the database.
TheMole is an automatic SQL Injection exploitation tool. Only by providing a vulnerable URL and a valid string on the site it can detect the injection and exploit it, either by using the union technique or a boolean query based technique.
TheMole Features
* Support for injections using Mysql, SQL Server, Postgres and Oracle databases.
* Command line interface. Different commands trigger different actions.
* Auto-completion for commands, command arguments and database, table and columns names.
* Support for query filters, in order to bypass certain IPS/IDS rules using generic filters, and the possibility of creating new ones easily.
* Developed in python 3.
TheMole Installation:
Download themole - Tarball-gzipped format: themole-0.2.6-lin-src.tar.gz
Once the dependencies have been installed:
Untar the sources file. You can do this with tar xfz themole-0.2.6-lin-src.tar.gz. You will now have a folder with the name thmole-0.2.6 with the sources inside it. Now run themole using comand:
python3 mole.pythere are some arguments that can be given to the program, read the README file to learn about them.
./mole.py -u 'http://vulnerable_site_url.com/other.php?id=1' -n 'admin'The mole will start and give us a prompt, look at the README file for more details regarding the themole commands.
0 comments:
Post a Comment