SQLTimeProbe is a simple Python script designed to exploit Time-Based SQL Injection vulnerabilities.
Time-Based SQL Injection is a type of SQL Injection attack that relies on the database management system's (DBMS) time delays to infer information about the database. This script automates the process of exploiting Time-Based SQL Injection vulnerabilities, making it easier to test and secure web applications.
- Automated Time-Based SQL Injection exploitation
- Easy to use with a simple command-line interface
- Retrieve database name and tables with column and column name like [%password%] (and others if you want..)
- Clone the repository:
git clone https://github.com/Orangiuss/SQLTimeProbe.git- Navigate to the SQLTimeProbe directory:
cd SQLTimeProbe- And enjoy ;) :
python sqltimeprobe.py -u <target_url> -p <params_with_fuzz> [-a | --attack] [-V | --verify] [-vv]
python sqltimeprobe.py -u http://example.com -p "test=<@urlencode>OK' AND (SELECT 6222 FROM (FUZZ)Nhou) AND 'VRpn'='VRpn<@/urlencode> [-a | --attack] [-V | --verify] [-vv]
This tool is intended for educational purposes only. Misuse of this tool on websites without prior authorization is illegal and could lead to legal consequences.
Contributions are welcome! Feel free to open an issue or submit a pull request.