Skip to content
/ SQLwp Public

A specialized SQL injection scanner targeting WordPress sites with the TO MiniProgram plugin vulnerable endpoint.

github.com/HackfutSec/SQLwp.git

License

MIT license
1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

HackfutSec/SQLwp

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
requirements.txt
requirements.txt
 
 
scanner.py
scanner.py
 
 
vulnerable.txt
vulnerable.txt
 
 

Repository files navigation

TO MiniProgram SQLi Scanner

(https://imgur.com/a/O2JAO7D)

A specialized SQL injection scanner targeting WordPress sites with the TO MiniProgram plugin vulnerable endpoint.

Features

  • 🚀 High-performance scanning with multi-threading support
  • 🎯 Accurate detection of time-based blind SQL injection vulnerabilities
  • 📋 Multiple target support (single URL or file with URL list)
  • 📊 Clear reporting with color-coded results
  • 💾 Automatic saving of vulnerable targets to vulnerable.txt

Installation

  1. Clone the repository:

    git clone https://github.com/HackfutSec/SQLwp.git
cd SQLwp

  2. Install required dependencies:

    pip3 install -r requirements.txt

Usage

Basic scan (single target)

python3 scanner.py -u http://target-site.com -d 5

Bulk scan (from file)

python3 scanner.py -l targets.txt -t 10 -d 5

Options

Option Description Default
-u, --url Single target URL -
-l, --list File containing list of target URLs -
-d, --delay Sleep time for time-based detection (in seconds) 5
-t, --threads Number of concurrent threads 5

Technical Details

Vulnerability Tested

The scanner checks for SQL injection in the TO MiniProgram WordPress plugin's endpoint:

/wp-json/watch-life-net/v1/comment/getcomments

Payload Used

The scanner sends a time-based blind SQL injection payload:

DESC,(SELECT(1)FROM(SELECT(SLEEP(5)))a)--

Detection Logic

  • The scanner measures response time
  • If response time exceeds the specified delay, vulnerability is confirmed

Output Example

Sample Output

Ethical Use

⚠️ This tool is for authorized security testing only.
⚠️ Always obtain proper authorization before scanning any website.
⚠️ The maintainers are not responsible for misuse of this tool.

Contribution

Contributions are welcome! Please open an issue or pull request for:

  • Bug fixes
  • Feature enhancements
  • Documentation improvements

License

This project is licensed under the MIT License - see the LICENSE file for details.

Contact

🔒 Happy (ethical) hacking! 🔒

About

A specialized SQL injection scanner targeting WordPress sites with the TO MiniProgram plugin vulnerable endpoint.

github.com/HackfutSec/SQLwp.git

Topics

open-source wordpress-plugin python3 cybersecurity bug-bounty web-security vulnerability-detection vulnerability-scanners blind-sql-injection sqlinjection wordpress-security-scanner

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages