This is a writeup on writing the Metasploit module auxiliary/gather/peplink_bauth_sqli.rb.
I participated in Google Summer of Code 2020 with Metasploit and worked on adding a library that would make SQL injection easier to perform in Metasploit modules, while adding support for multiple database-management systems. I provided some Metasploit modules making use of the library; this writeup highlights the steps I took to write a module for a boolean-based blind SQL injection vulnerability.
While browsing recent SQL injection CVEs, I came across CVE-2017-8835. After searching a bit, I found it on Exploit-DB. Seeing that the DBMS in use is SQLite, this looked like a great candidate for testing