sqlmc icon indicating copy to clipboard operation
sqlmc copied to clipboard
verified publisher icon malvads

Heavily Needed Feature: Pipe mode / Own SQLI Parameter File Input

Open N-N33 opened this issue 1 year ago • 5 comments

I think this tool would be really great if it had a pipe mode or allowed the user to use their own sqli parameter files. Like a -L function where the user can either input a list of domains or a list of potentially vulnerable parameters.

N-N33 avatar Jun 19 '24 02:06 N-N33

i would take a look on it when i have some free time :)

malvads avatar Jun 20 '24 08:06 malvads

I created this script to run the tool from a targets file.

# Creates outputs folder if not exists
if [ ! -d outputs ]; 
then
    mkdir "outputs"
fi

# Iterates over urls
for url in $(cat urls.txt)
do
    # Extracts domain from url
    domain=$(echo $url | sed -e 's|^[^/]*//||' -e 's|/.*$||')

    # Runs sqlmc
    sqlmc -u $url -d 1 -o outputs/$domain.txt;
done;

tomaquet18 avatar Jun 20 '24 10:06 tomaquet18

Cool! But I think it's a better approach to do this in the program itself, like you said, for both params and URL. PRs are open; you can create a fork of the program and develop it yourself, or you can wait for me to fully integrate this :)

malvads avatar Jun 20 '24 11:06 malvads

Yeah, it's just a temporary fix until a version comes out with this feature, or maybe if I have a free moment I'll get into it :)

tomaquet18 avatar Jun 20 '24 14:06 tomaquet18

kkk, it would be great 👍🏻

malvads avatar Jun 20 '24 15:06 malvads