Merge pull request #3 from malvads/add_multi_param

Add multi param

sqlmc/VERSION

@@ -1 +1 @@
-1.0.0
+1.1.0

sqlmc/lib/injector.py

@@ -0,0 +1,27 @@
+class Injector:
+    @staticmethod
+    def inject(url):
+        query_start = url.find('?')
+        if query_start == -1:
+            return url
+
+        base_url = url[:query_start]
+        query_string = url[query_start+1:]
+        params = query_string.split('&')
+
+        modified_params = []
+        for param in params:
+            key_value = param.split('=')
+            if len(key_value) == 2:
+                key = key_value[0]
+                value = key_value[1]
+                # Add single quotes around the value
+                modified_value = f"{value}'"
+                modified_params.append(f"{key}={modified_value}")
+            else:
+                modified_params.append(param)
+
+        modified_query_string = '&'.join(modified_params)
+        modified_url = f"{base_url}?{modified_query_string}"
+
+        return modified_url

sqlmc/lib/scanner.py

@@ -3,6 +3,7 @@
 import logging
 from datetime import datetime
 from sqlmc.lib.error import Checker
+from sqlmc.lib.injector import Injector
 from bs4 import BeautifulSoup
 
 logging.basicConfig(level=logging.INFO)
@@ -29,6 +30,7 @@ async def get_server(self):
                 return response.headers.get('Server', 'Unknown')
 
     async def test_for_sql_injection(self, url):
+        url = Injector.inject(url)
         async with aiohttp.ClientSession() as session:
             async with session.get(url + "'") as response:
                 return self.check(await response.text())
@@ -60,6 +62,8 @@ async def scan(self, url, depth):
                 await asyncio.gather(*tasks)
         except aiohttp.ClientError:
             pass
+        except UnicodeDecodeError:
+            pass
 
     async def scan_single_link(self, href, depth):
         vulnerable, db = await self.test_for_sql_injection(href)