Module: Msf::Exploit::SQLi
- Defined in:
- lib/msf/core/exploit/sqli.rb,
lib/msf/core/exploit/sqli/common.rb,
lib/msf/core/exploit/sqli/time_based_blind_mixin.rb,
lib/msf/core/exploit/sqli/boolean_based_blind_mixin.rb
Overview
This mixin provides helpers to perform SQL injection
-
provides a level of abstraction for common queries, for example, querying the table names
-
implements blind and time-based SQL injection in a reusable manner
-
Highly extendable (user can run any code to perform the requests, encode payloads and parse results)
Defined Under Namespace
Modules: BooleanBasedBlindMixin, Mssqli, MySQLi, PostgreSQLi, SQLitei, TimeBasedBlindMixin, Utils Classes: Common
Instance Method Summary collapse
-
#create_sqli(dbms:, opts: {}, &query_proc) ⇒ Object
Creates an SQL injection object, this is the method module writers should use.
- #initialize(info = {}) ⇒ Object
Instance Method Details
#create_sqli(dbms:, opts: {}, &query_proc) ⇒ Object
Creates an SQL injection object, this is the method module writers should use
25 26 27 28 29 |
# File 'lib/msf/core/exploit/sqli.rb', line 25 def create_sqli(dbms:, opts: {}, &query_proc) raise ArgumentError, 'Invalid dbms class' unless dbms.is_a?(Class) && dbms.ancestors.include?(Msf::Exploit::SQLi::Common) dbms.new(datastore, framework, user_output, opts, &query_proc) end |