Understanding the SQL injection attack by a Python script
All SQL injection attacks can be carried out manually. However, you can use Python programming to automate the attack. If you are a good pentester and know how to perform attacks manually, then you can make your own program check this.
In order to obtain the username and password of a website, we must have the URL of the admin or login console page. The client does not provide the link to the admin console page on the website.
Here, Google fails to provide the login page for a particular website. Our first step is to find the admin console page. I remembered that, years ago, I used the URL http://192.168.0.4/login.php, http://192.168.0.4/login.html. Now, web developers have become smart, and they use different names to hide the login page.
Consider that I have more than 300 links to try. If I try it manually, it would take around 1 to 2 days to obtain the web page.
Let's take a look at a small program, login1.py, to find the login page...
