BBQSQL
BBQSQL is a framework for blind SQL injection. It is written in Python. This tool makes it much easier to attack complex SQL injection vulnerabilities.
BBQSQL is a free SQL injection framework that exploits the blind SQL injection problem. Using this tool may help you determine whether or not an online app is safe. To utilise a SQL injection tool, you need this information. URL, HTTP Method, Headers, Cookies and Encoding techniques are just a few of the topics covered by BBQSQL. Other topics covered include Files and HTTP Auth. The third stage describes where and how the injection is taking place. There are a number of difficult-to-find and even more elusive SQL injection flaws that may be discovered with BBQSQL. There may be issues with the software. To retrieve data from a database, blind SQL is distinct from ordinary SQL injection.” It is possible to utilise blind SQL injection instead of normal SQL injection.
“Like other SQL injection tools, you must provide a particular amount of request data.
The following must be included:
§ HTTP Method
§ Headers
§ Cookies
§ Encoding methods
§ Redirect behaviour
§ Files
§ HTTP Auth
§ Proxies
§ URL
Then specify where the injection is going and what syntax we are injecting. Read on for details.”
Query
“This is described in greater detail below the query syntax overview.
CSV_output_file
The name of a file to output the results to. Leave this blank if you don’t want the output to a file.”
Technique
When launching a blind SQL injection attack, BBQSQL employs two methods. Binary search is the earliest and most often utilised method.
Frequency search is a second method to consider. Using an examination of the English language, a frequency search may ascertain how often each given letter appears. Non-entropic data may be scanned quickly with this technique, but non-English or obfuscated material may take longer to decipher.
This parameter allows you to choose between binary and frequency searches.
comparison_attr
“What form of SQL injection have you found? You may choose which HTTP response attribute bbqsql should use to determine whether or not a response is true or false.
Status code, URL, time, size, text, content, encoding, cookies, headers, or history may all be specified if desired.
SQL injection that causes various server status codes may be entered here if it has been discovered. Set ‘cookie’ if the cookie is different. Set’size’ if the answer size is different. What I’m trying to convey is clear…
Concurrency
Python’s gevent package is used for concurrency. There are some similarities to threading; however, the details may be found in our DefCon lecture here [insert link here]. This parameter determines how many processors the assault will use simultaneously. This may be used to limit the number of requests and speed up attacks. We’ve been able to set the concurrency to 75 for high-performance web servers like Nginx. This is set to ’30’ by default. Python’s gevent package serves as the foundation for concurrency. However, the intricacies of how this works may be seen in our DefCon lecture [insert the link here]. This parameter determines how many times the assault may be launched simultaneously. This may be used to speed up attacks and thwart requests. In the case of web servers like Nginx, we were able to increase concurrency all the way up to 75. By default, this is set to 30.”
Query Syntax Overview
If you’ve ever encountered an attacker who who could exploit this vulnerability with odd idiosyncrasies (such as certain symbols can’t be included or methods like ASCII/CHAR don’t work), you’ve undoubtedly written a bespoke injection script. With BBQSQL, you can simply copy and paste your unique query syntax and begin exploiting it right away.
The query field is where you will write the query that will extract data from the database. In this case, we’ll assume you’ve previously discovered a susceptible parameter for SQL injection and run a test query that yielded a favourable result…
Example:
“Below is an example query you can use to construct your query.
In this example, the attacker is looking to select the database version:
vulnerable_parameter’; if(ASCII(SUBSTRING((SELECT @@version LIMIT 1 OFFSET ${row_index}) , ${char_index} ,1))) ${comparator:>}ASCII(${char_val}) WAITFOR DELAY ‘0:0:0${sleep}’; —
The query syntax is based on placeholders which tell BBQSQL how to execute the attack.
You need to provide the following placeholders of information in order for the attack to work. Once you put these in your query, bbqSQL will do the rest:
${row_index}: This tells bbqSQL to iterate rows here. Since we are using LIMIT, we can view the n number of the row depending on the ${row_index} value.
${char_index}: This tells bbqSQL which character from the subselect to query.
${char_val}: This tells bbqSQL where to compare the results from the subselect to validate the result.
${comparator}: This is how you tell BBQSQL to compare the responses to determine if the result is accurate or not. By default, the > symbol is used.
${sleep}: This is optional but tells bbqSQL where to insert the number of seconds to sleep when performing time-based SQL injection.
Not all of these placeholders are required. For example, if you have discovered a semi-blind boolean-based SQL injection, you can omit the ${sleep} parameter.”
“There are a lot of tools available for penetration testing for Blind SQL injection such as:
· SQLMAP
· SQLNINJA
· BSQL Hacker
· Mole
· Havij”
Points about BBSQL:
- Still trying to alter SQL syntax
- Dumping database
- More complex SQL syntax
- Binary (or other) search for each character
- One character at a time
- Time-consuming
- Exploits Blind SQL Injection
- For those hard-to-reach spots
- Semi-automatic
- Database agnostic
- Versatile
- Fast
Speed:
- Concurrent HTTP requests
- Multiple search algorithms
- Binary search
I’m more prepared to learn how BBQSQL now that I’ve covered all of the relevant topics. This is how the job should be done: In this essay, we’ll go through some BBQSQL best practices. The prior debate thoroughly covered the advantages and disadvantages of BBQSQL’s speed. You’ll have to install the necessary tools to execute BBQSQL… When problems develop, you can handle them right away. Data is entered into a database, and a True or False question depending on how the computer answers the claims, is generated by the database itself.
Visits: 138
