-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathstudy_sql_injection.py
58 lines (54 loc) · 1.45 KB
/
study_sql_injection.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
import random
# Common SQL injection payloads
payloads = [
"' OR '1'='1",
"'; DROP TABLE Users; --",
"' UNION SELECT ALL FROM Users; --",
"' OR 'a'='a",
"' OR 1=1 --",
"' OR 'a'='a' --",
"' OR 1=1#",
"' OR 1=1/*",
]
def generate_sql_injection_payloads():
payloads = [
"' OR '1'='1",
"'; DROP TABLE Users; --",
"' UNION SELECT ALL FROM Users; --",
"' OR 'a'='a",
"' OR 1=1 --",
"' OR 'a'='a' --",
"' OR 1=1#",
"' OR 1=1/*",
]
return random.choice(payloads)
# Example SQL injection detection function
def detect_sql_injection(query):
# Simple detection based on common patterns (for demonstration purposes)
injection_patterns = [
" OR ",
" AND ",
" UNION ",
"SELECT ",
"INSERT ",
"UPDATE ",
"DELETE ",
"DROP ",
"--",
"#",
"/*",
]
for pattern in injection_patterns:
if pattern in query.upper():
return True
return False
# Example usage
if __name__ == "__main__":
for _ in range(10): # Generate and test 10 payloads
payload = generate_sql_injection_payloads()
print(f"Generated Payload: {payload}")
query = f"SELECT * FROM Users WHERE Username = '{payload}'"
if detect_sql_injection(query):
print("Potential SQL injection detected.")
else:
print("No SQL injection detected.")