-
Notifications
You must be signed in to change notification settings - Fork 412
Description
Most utils applies on the target you set in the address bar, other utils like Brute force
and Encoding
do not require any target.
Inject target to get databases, tables, columns and rows.
- Process starts by validating the target then you Right click + Load on the table from the left tree view
- The rows load in a tab on the right and can be sorted, searched and exported
You can also choose the engine and strategy manually in the address bar, or let 💉jSQL
identify the best one automatically.
Scan the target to find existing admin pages using the list on the left.
Page loads in a tab on the right when HTTP response is detected.
Database engine can read the filesystem on target when enough rights is granted to current user, in that case a file can be read via injection.
First start injection on target then choose file path on the left, it opens in a tab on the right when the file exists.
Access to a shell grants system execution on target, provided however that:
- database engine can write the shell into the filesystem
- shell is accessible via the webserver
- shell is interpreted by the PHP server
Start injection on target then choose the shell location on the left, a console opens on the right where you enter system commands to run on remote system.
Similarly to Web shell
but for SQL queries.
Username and password are usually required and can be set on the left. To retrieve such credentials just use tab Read file
to open any file containing the hard-coded credentials (eg. mydb.php).
A target running a PHP server possibly can also create a upload shell.
Choose the shell location on the left when injection is valid, then select a file in your system to start the upload.
Text hashing is usually a one way process but the original text can be found over all permutations with enough compute.
Choose options like hash type and chars range composing the source text, the original text is displayed when computed hash is matching.
Text encoding and decoding is trivial, though often needed during target analysis.
Set text on the top and select method encode or decode, the result is displayed on the bottom.
A list of targets can be conveniently checked in a raw for injection.
Add targets list on the left and start identification, each target is tagged with strategies identified when validated.