## https://sploitus.com/exploit?id=7EDFA311-6D99-57AF-BEB8-447786D30B1B
# SQL Injection Detector

[![tests](https://github.com/ayondey47/sql-injection-detector/actions/workflows/tests.yml/badge.svg)](https://github.com/ayondey47/sql-injection-detector/actions/workflows/tests.yml)

A dependency-free, **defensive** heuristic that scores strings (form inputs,
query parameters, or web-access-log lines) for SQL-injection signatures:
tautologies, comment terminators, stacked queries, UNION-based extraction,
time-based blind probes, database fingerprinting, and embedded subqueries.

It **URL-decodes** input before matching, so percent-encoded payloads like
`%27%20OR%201=1` are still caught.

> This is a detection aid for reviewing inputs and logs, **not** a WAF and not
> a substitute for parameterized queries. Use it to triage, not to block.

## Install

Python 3.10+ standard library only.

```bash
git clone https://github.com/ayondey47/sql-injection-detector.git
cd sql-injection-detector
```

## Usage

```bash
# Scan a single string
python cli.py "admin' OR '1'='1 --"
#   [SUSPICIOUS score=7] admin' OR '1'='1 --
#       signatures: boolean tautology (OR 1=1), SQL comment terminator, quote break into OR/AND

# Scan each line of a web access log (extracts the request target)
python cli.py --log access.log

# Pipe items via stdin, one per line
cat params.txt | python cli.py -
```

The CLI exits non-zero when anything scores at or above the risk threshold, so it
can gate a CI step or sit in a log pipeline.

## Library use

```python
from sqliscan import scan, scan_line

f = scan("1 UNION SELECT username, password FROM users")
f.suspicious      # True
f.score           # 5
f.matched         # ['UNION-based extraction', 'SQL statement structure']

scan_line('1.2.3.4 - - [..] "GET /p?id=1%27%20OR%201=1 HTTP/1.1" 200 12').suspicious
```

Signatures are weighted; a total at or above `RISK_THRESHOLD` (default 3) is
reported as suspicious. A lone comment marker scores below the threshold, which
keeps benign text (`"price -- discount"`) from triggering a false positive.

## Tests

```bash
python -m pytest
```

24 tests cover nine known injection classes, six benign inputs that must stay
clean, URL-encoded payloads, score accumulation, common-log-format request
extraction, and the comment-alone-below-threshold guard against false positives.

## License

MIT; see [LICENSE](LICENSE).