Automated_SQL_Exploit

**************************************** README FILE *************************************

Product Name: Automated_SQL_Exploit (ExtractDataUsingBlindSqlInjection.py) Authors: Varun Gaur, ASU ID: 1210414176 Shreyas Talele, ASU ID: 1209355546 Date: 29-April-2016 Subject Name: CSE 545 - Software Security Project Name: Blind SQL injection

ABSTRACT This project once deployed based on instructions provided in ReadMe, performs data extraction from vulnerable URL. It is a standalone python program which accept Command Line inputs like vulnerable URL, GET or POST based mode of extraction etc. Program run in two mode

1. Fully automated: Here program extract the current user schema details which any user intervention
2. User input based extraction: Here program asks for user input to identify which specific data user want to extract like specific scheme User looking for etc.

**************************************** CONTENTS *****************************************

I. DELIVERABLES II. HOW TO EXECUTE PROGRAM III. MINIMUM SYSTEM REQUIREMENTS IV. LIBRARIES REQUIRED V. FEEDBACK & UPDATES

I. DELIVERABLES

Following files are delivered for this project:

1. ExtractDataUsingBlindSqlInjection.py

II. HOW TO EXECUTE PROGRAM

LINUX

1. Run the above file using following command: python ExtractDataUsingBlindSqlInjection.py
2. It will execute above file and will expect from user to provide input.

**** Further details with screenshots are attached in TestCasesReport.pdf file ****

III. MINIMUM SYSTEM REQUIREMENTS

LINUX ¥ Ubuntu 14.04 64-bit ¥ Ubuntu 14.04 32-bit

IV. LIBRARIES REQUIRED ¥ Ubuntu 14.04 64-bit/32-bit ¥ Python 2.7+ ¥ Python libraries : urllib,urllib2

V. FEEDBACK & UPDATES For any updates and feedback, please contact : Varun Gaur (ASU ID : 1210414176), Shreyas Talele (ASU ID: 1209355546)

****************************************** END ***********************************************