{"id":21081866,"url":"https://github.com/avielyo10/sqli","last_synced_at":"2025-03-14T04:40:30.370Z","repository":{"id":103398044,"uuid":"177401687","full_name":"Avielyo10/sqli","owner":"Avielyo10","description":"SQLi small lab on the university moodle","archived":false,"fork":false,"pushed_at":"2019-03-24T10:52:32.000Z","size":1485,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-01-20T23:31:06.860Z","etag":null,"topics":["python","sql-injection-attacks"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Avielyo10.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-03-24T10:51:31.000Z","updated_at":"2019-04-30T20:01:08.000Z","dependencies_parsed_at":"2023-07-07T12:16:52.066Z","dependency_job_id":null,"html_url":"https://github.com/Avielyo10/sqli","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Avielyo10%2Fsqli","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Avielyo10%2Fsqli/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Avielyo10%2Fsqli/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Avielyo10%2Fsqli/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Avielyo10","download_url":"https://codeload.github.com/Avielyo10/sqli/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243526862,"owners_count":20305112,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["python","sql-injection-attacks"],"created_at":"2024-11-19T20:11:17.994Z","updated_at":"2025-03-14T04:40:30.347Z","avatar_url":"https://github.com/Avielyo10.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"\n# SQLi Lab\n\n## Installation\n\n`pip install git+https://github.com/Avielyo10/sqli`  \n\n![sqli-session.gif](screenshots/sqli-session.gif)\n\n## Usage\n\nRun `sqli [options ...]`.  \n\nOptions:\n\n* `-w` to get a summary on stdout in addition to `output.out`.\n* `-t` to run the test case before running the program.\n\n## Screenshots  \n\nIn this part I just changed the `php?id=\u003csome_number\u003e` to jump to another course.  \nHere I tried consecutive numbers from the page I started from.\n\n![1.png](screenshots/1.png)\n![2.png](screenshots/2.png)\n![3.png](screenshots/3.png)\n![4.png](screenshots/4.png)\n![5.png](screenshots/5.png)\n\n---\nAn example of a page with access as a guest.\n![non-reg.png](screenshots/non-reg.png)\n\n---\n\n## Q3\n\nThe weakness here is that the `.php` is visible, to solve this issue see: [StackOverflow - How to hide .php from address bar?](https://stackoverflow.com/questions/5831683/how-to-hide-php-from-address-bar).\n\n---\n\n## Q4\n\nHere you can find the [output](output.out) file contains all the open pages on our moodle.\nWhat I did to improve the efficiency is to iterate all the categories with all the possible courses, to achieve that I chose this prefix `\u0026browse=courses\u0026perpage=10000\u0026page=0`, this will guarantee having all the courses on the same page from a certain category.  \n\nIf course is open, there is an \"unlock\" symbol next to it.\nSo instead of iterating on each and every course, I looked on the overall\npage, and look for this symbol, if found - return the link to it.\n\n---\n\n## Q5\n\nI couldn't find any vulnerability inside the search bar since they use parameterized queries so I couldn't change the intent of the query, I tried to do some escaping, but all I got is the same search results without the shadow on the searched word.  \nSome other vulnerabilities I found:\n![sqli_findings.png](screenshots/sqli_findings.png)\n\n---\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Favielyo10%2Fsqli","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Favielyo10%2Fsqli","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Favielyo10%2Fsqli/lists"}