WebHacking: README, urllib2 scripts

Web_Security/SQLi/README.md

@@ -5,8 +5,8 @@
 * SQL works by building query statements, these statements are intended to be readbale and intuitive.
 
 
-* A SQL query  search can be easily manipulated and assume that a SQL query search is a reliable command. This means  that SQL searches are capable of passing, unnoticed, by access control mechanisms. 
-* Using methods of diverting standard authentication and by checking the authorization credentials, you can gain access to important information stored in a database. 
+* A SQL query  search can be easily manipulated and assume that a SQL query search is a reliable command. This means  that SQL searches are capable of passing, unnoticed, by access control mechanisms.
+* Using methods of diverting standard authentication and by checking the authorization credentials, you can gain access to important information stored in a database.
 
 * Exploitation:
 	- Dumping contents from the database.
@@ -94,12 +94,12 @@ http://www.website.com/info.php?id=10'
 
 If the website returns the following error:
 
-	You have an error in your SQL syntax...
+		You have an error in your SQL syntax...
 
 It means that this website is vulnerable to SQL.
 
 #### Find the structure of the database
-To find the number of columns and tables in a database we can use [Python's SQLmap](http://sqlmap.org/).  
+To find the number of columns and tables in a database we can use [Python's SQLmap](http://sqlmap.org/).
 
 This application streamlines the SQL injection process by automating the detection and exploitation of SQL injection flaws of a database. There are several automated mechanisms to find the database name, table names, and number of columns.
 
@@ -140,13 +140,13 @@ $ ./sqlmap.py -u <WEBSITE> --dbs
 
 ```
 ./sqlmap -u <WEBSITE> --tables <DATABASE-NAME>
-``` 
+```
 
 * The main objective is to find  usernames and passwords in order to gain access/login to the site, for example in a table named *users*. The sqlmap command is
 
 ```
 ./sqlmap -u <WEBSITE> --columns -D <DATABASE-NAME> -T <TABLE-NAME>
-``` 
+```
 
 This will return information about the columns in the given table.
 
@@ -200,11 +200,11 @@ $name = mysql_real_escape_string($name);
 $SQL = "SELECT * FROM users WHERE username='$name'";
 ```
 
-* Always perform a parse of data that is received from the user (POST and FORM methods). 
+* Always perform a parse of data that is received from the user (POST and FORM methods).
 	- The chars to be checked:```", ', whitespace, ;, =, <, >, !, --, #, //```.
 	- The reserved words: SELECT, INSERT, UPDATE, DELETE, JOIN, WHERE, LEFT, INNER, NOT, IN, LIKE, TRUNCATE, DROP, CREATE, ALTER, DELIMITER.
 
-* Do not display explicit error messages that show the request or a part of the SQL request. They can helpfingerprint the RDBMS(MSSQL, MySQL).
+* Do not display explicit error messages that show the request or a part of the SQL request. They can help fingerprint the RDBMS(MSSQL, MySQL).
 
 * Erase user accounts that are not used (and default accounts).
 

Web_Security/SQLi/sqli_16_brute_force_password.py

@@ -1,7 +1,6 @@
 #!/usr/bin/python
 
-__author__ = "bt3gl"
-__email__ = "bt33gl@gmail.com"
+__author__ = "bt3"
 
 import requests
 import string

Web_Security/SQLi/sqli_18_timed_SQLi.py

@@ -1,7 +1,6 @@
 #!/usr/bin/python
 
-__author__ = "bt3gl"
-__email__ = "bt33gl@gmail.com"
+__author__ = "bt3"
 
 import requests
 import string

Web_Security/SQLi/sqli_COOKIE_brute.py

@@ -1,24 +1,22 @@
 #!/usr/bin/python
 
-__author__ = "bt3gl"
-__email__ = "bt33gl@gmail.com"
+__author__ = "bt3"
 
 import requests
 
-
 def brute_force_password(URL, PAYLOAD, MAXID):
 
     for i in range(MAXID):
         #HEADER ={'Cookie':'PHPSESSID=' + (str(i) + '-admin').encode('hex')}
         r = requests.post(URL, params=PAYLOAD)
-        
+
 	print(i)
 	print r.text
 	id_hex = requests.utils.dict_from_cookiejar(r.cookies)['PHPSESSID']
 	print(id_hex.decode('hex'))
 
 
-     
+
 
 if __name__ == '__main__':