THEMOLE(1) General Commands Manual THEMOLE(1)
NAME
themole - automatic SQL injection exploitation tool
SYNOPSIS
themole [ -h ] [ -u url ] [ -n needle ] [-t num_threads]
DESCRIPTION
The Mole is a command line interface SQL Injection exploitation tool. This application is able to exploit both union-based and blind
boolean-based injections.
Every action The Mole can execute is triggered by a specific command. All this application requires in order to exploit a SQL Injection is
the URL (including the parameters) and a needle (a string) that appears in the server's response whenever the injection parameter generates a
valid query, and does not appear otherwise.
OPTIONS
-h
Shows the help message and exits.
-u url
Sets the url of the mole's instance to url.
-n needle
Sets the needle of the mole's instance to needle. It must be a string that appears when the injection returns true and disappears
when the injection is false.
-t threads
Sets the max number of concurrent requests that the mole will be making. Cannot be changed at runtime.
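The needle condition described above is also a useful regression check for defenders: if a page's content tracks a boolean condition appended to a parameter, the query is being built from untrusted text. The following is an added example, not part of the original manual page or of The Mole's code; the table, handler names, and needle value are constructed for illustration and use an in-memory SQLite database.

```python
import sqlite3

NEEDLE = "Widget A"  # constructed: text rendered only when the query returns the row


def make_db():
    """Build a throwaway in-memory database with one constructed row."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)")
    db.execute("INSERT INTO products VALUES (1, 'Widget A')")
    return db


def render(row):
    """Hypothetical page template: shows the product name or a fixed miss page."""
    return "<h1>%s</h1>" % row[0] if row else "<h1>Not found</h1>"


def page_concatenated(db, item_id):
    # Vulnerable pattern: the request parameter becomes part of the SQL text,
    # so a condition appended to it is evaluated by the database.
    query = "SELECT name FROM products WHERE id = " + item_id
    return render(db.execute(query).fetchone())


def page_parameterized(db, item_id):
    # Hardened pattern: the parameter is bound as a value and never parsed as SQL.
    query = "SELECT name FROM products WHERE id = ?"
    return render(db.execute(query, (item_id,)).fetchone())


def needle_tracks_condition(page, db):
    """True if the needle appears for an always-true condition appended to the
    parameter and disappears for an always-false one."""
    with_true = NEEDLE in page(db, "1 AND 1=1")
    with_false = NEEDLE in page(db, "1 AND 1=2")
    return with_true and not with_false


if __name__ == "__main__":
    db = make_db()
    for handler in (page_concatenated, page_parameterized):
        print(handler.__name__, "needle tracks condition:",
              needle_tracks_condition(handler, db))
```

With the bound parameter the whole input is compared as a single value, so both probes return the same miss page and the needle no longer distinguishes true from false.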
SEE ALSO
The program provides interactive documentation, refer also to the official README file.
AUTHOR
This manual page was written by Santiago Alessandri <salessandri@nasel.com.ar>
November 24 2011 THEMOLE(1)
Check Out this Related Man Page
MB_STRRICHR(3) 1 MB_STRRICHR(3)
mb_strrichr - Finds the last occurrence of a character in a string within another, case insensitive
SYNOPSIS
string mb_strrichr (string $haystack, string $needle, [bool $part = false], [string $encoding = mb_internal_encoding()])
DESCRIPTION
mb_strrichr(3) finds the last occurrence of $needle in $haystack and returns the portion of $haystack. Unlike mb_strrchr(3), mb_strrichr(3)
is case-insensitive. If $needle is not found, it returns FALSE.
PARAMETERS
o $haystack
- The string from which to get the last occurrence of $needle
o $needle
- The string to find in $haystack
o $part
- Determines which portion of $haystack this function returns. If set to TRUE, it returns all of $haystack from the beginning to
the last occurrence of $needle. If set to FALSE, it returns all of $haystack from the last occurrence of $needle to the end.
o $encoding
- Character encoding name to use. If it is omitted, internal character encoding is used.
RETURN VALUES
Returns the portion of $haystack, or FALSE if $needle is not found.
SEE ALSO
mb_stristr(3), mb_strrchr(3).
PHP Documentation Group MB_STRRICHR(3)
To prevent injection, I want to exit the attached routine if a semi-colon is in the input string. I am using gcc as the compiler.
#include<stdio.h>
#include<stdlib.h>
int sysrun(char *command) {
int num;
char str;
char process = "/xxxx/xxxx/xxxxx/xxxxx/xxxxxx2unix.sh ";
num=0;... (10 Replies)
Hey all,
So, my server has recently been hit with an annoying injection. Most of my files have a nasty little iframe attached to them now.
What I need to do is a recursive search and replace - which I could write in PHP, but then I'd still have to run it more times than I'd like due to memory... (4 Replies)
Hi all,
Can anyone help me on this. I have several WP sites that are affected by sql injections. But the contents are different as follows
western union india belgaum
western union india bolegaon
western union india barhaj
western union india budhana
western union india belda
western... (6 Replies)
Ok. Just getting back into PERL and probably (or most definitely) making a mountain out of a mole hill.
I'm trying to see if a subdirectory exists, and if not, print the slightly modified path of the missing sub to a file. Sounds simple enough. Well here is my elaborate code. Save the... (2 Replies)
Daily Stupid Question:
When I use a cat with a grep I can see "blind SQL injection vulnerability" highlighted as red and is easily readable
cat file |grep -i 'blind\ SQL\ injection\ vulnerability'
When I add a more to view the results page at a time, the color is taken away and is... (3 Replies)
I want to grep/awk /var/log/httpd/mysite-access_log.log and check if 2 words from the following appear in a single line:
benchmark
union
information_schema
drop
truncate
group_concat
into
file
case
hex
lpad
group
order
having
insert
union
select
from (12 Replies)
Heyas
I've been told my scripts would be insecure, and to fix that.
Figured I might rethink some parts of my coding style, meanwhile I tried to write an additional catcher.
After reading:
fail : Security Issues - didn't help too much, in fact - it confused me even more.
n/a:... (8 Replies)
Hi All,
How worried is everyone about the Dirty Cow Linux exploit? Has anybody experienced attacks yet?
From the research I've done it seems that the exploit is "reliable" (that is it works nearly every time on vulnerable systems) which is not good news.
We all believe that Unix/Linux... (3 Replies)
Hey.
So... here are the changes.
1. The current home page of the forum is now based on an algo (below) which shows a thread based on this SQL
$select_limit = 1;
$reply_count = 3;
$thread_array = array();
$forum_id = 30; //shell programming
$query = 'SELECT * FROM thread WHERE... (5 Replies)
No rest for the weary, a Revive Ad Server I am responsible for experienced a MySQL injection attack due to a vulnerability uncovered in the past few months. I was busy developing Vue.js code for the forums and thought to myself "I will get around to upgrading to Revive 4.2.0 (supposedly the... (0 Replies)