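# Login check: on a POST that carries both fields, look the credentials up
# in the users table and print the matching row.
if ('POST' eq request_method && param('username') && param('password')) {
    my $dbh = DBI->connect("DBI:mysql:natas30", "natas30", "<censored>",
        { 'RaiseError' => 1 });

    # param() returns every value of a repeated field when it is called in
    # list context, and an argument list is list context. Passed straight to
    # $dbh->quote(), a second value would land in quote()'s optional
    # data-type argument, which decides whether the value is quoted at all.
    # Read each field in scalar context so exactly one value is used.
    my $username = scalar param('username');
    my $password = scalar param('password');

    # Bind the values through placeholders instead of concatenating quoted
    # strings, so request data is never parsed as part of the SQL text.
    my $sth = $dbh->prepare(
        "Select * FROM users where username = ? and password = ?");
    $sth->execute($username, $password);

    my $ver = $sth->fetch();
    if ($ver) {
        print "win!<br>";
        print "here is your result:<br>";
        # NOTE(review): the row is printed without HTML escaping.
        print @$ver;
    }
    else {
        print "fail :(";
    }

    $sth->finish();
    $dbh->disconnect();
}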
- use strict;
- use warnings;
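{
    # Local lab copy of the login check, served by HTTP::Server::Simple::CGI
    # and instrumented to echo the query and the quoted parameters.
    #
    # NOTE(review): lab-only code. It connects as root with a hard-coded
    # password and reflects request parameters into the page unescaped; use
    # a least-privilege account and $cgi->escapeHTML() before exposing it
    # beyond localhost.
    package Natas30Clone;

    use DBI;
    use HTTP::Server::Simple::CGI;
    our @ISA = qw(HTTP::Server::Simple::CGI);

    # Path => handler table. The value must be a code reference: a bare
    # &resp_index would call the sub while the hash is being built, leaving
    # no CODE ref for handle_request to dispatch to.
    my %dispatch = (
        '/login.pl' => \&resp_index,
    );

    # Route a request to its handler, or answer 404 for unknown paths.
    sub handle_request {
        my $self = shift;
        my $cgi  = shift;

        my $path    = $cgi->path_info();
        my $handler = $dispatch{$path};

        if (ref($handler) eq "CODE") {
            # The status line must end in CRLF.
            print "HTTP/1.0 200 OK\r\n";
            $handler->($cgi);
        }
        else {
            print "HTTP/1.0 404 Not found\r\n";
            print $cgi->header,
                $cgi->start_html('Nothing to see'),
                $cgi->h1('Move along sir'),
                $cgi->h2('You can got to localhost:8080/login.pl?username=user&password=pass'),
                $cgi->end_html;
        }
    }

    # Build the login query from the request and render a WIN!/FAIL! page
    # showing the query, the supplied values and their quoted forms.
    sub resp_index {
        my $cgi = shift;
        return if !ref $cgi;

        my $dbh = DBI->connect("DBI:mysql:natas30", "root", "toor",
            { 'RaiseError' => 1 });

        # Each field is read by scalar assignment here, so only one value of
        # a repeated field reaches quote(). A quote(param(...)) call written
        # inline evaluates param() in list context and would pass every
        # value, the second one as quote()'s data-type argument.
        my $username        = $cgi->param('username');
        my $quoted_username = $dbh->quote($username);
        my $password        = $cgi->param('password');
        my $quoted_password = $dbh->quote($password);

        # NOTE(review): the query is string-built so the page can display
        # it; outside this lab, prefer placeholders with execute(@values).
        my $query = "Select * FROM users where username =" . $quoted_username
            . " and password =" . $quoted_password;
        my $sth = $dbh->prepare($query);
        $sth->execute();

        my $ver = $sth->fetch();
        if ($ver) {
            print $cgi->header,
                $cgi->start_html("WIN!"),
                $cgi->h1(@$ver),
                $cgi->h2("You succeeded with query " . $query),
                $cgi->h2("Suplied parameters U:" . $username . " P:" . $password),
                $cgi->h2("Quoted parameters U:" . $quoted_username . " P:" . $quoted_password),
                $cgi->end_html;
        }
        else {
            print $cgi->header,
                $cgi->start_html("FAIL!"),
                $cgi->h2("You failed with query " . $query),
                $cgi->h2("Suplied parameters U:" . $username . " P:" . $password),
                $cgi->h2("Quoted parameters U:" . $quoted_username . " P:" . $quoted_password),
                $cgi->end_html;
        }

        $sth->finish();
        $dbh->disconnect();
    }
}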
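# Start the lab server on port 8080 in the background and report the PID
# returned by background() so the process can be stopped later.
my $pid = Natas30Clone->new(8080)->background();
print "Use 'kill $pid' to stop server.\n";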
- +---------+----------+
- | user | password |
- +---------+----------+
- | natas30 | natas30 |
- +---------+----------+
- import requests
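# Shared session reused by every call to natas30().
session = requests.Session()


def natas30(url):
    """POST the fixed lab credentials to ``url`` and print the response body.

    Args:
        url: Address of the login endpoint to send the form to.

    Returns:
        None. The response text is written to stdout.
    """
    params = {"username": "natas30", "password": "natas30"}
    # requests applies no timeout by default; bound the wait so an
    # unresponsive server cannot hang the script indefinitely.
    response = session.post(url, data=params, timeout=10)
    print(response.text)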
if __name__ == '__main__':
    # Endpoint of the login handler on the local server (port 8080).
    url = "http://localhost:8080/login.pl"
    natas30(url=url)
- <!DOCTYPE html
- PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
- <html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:lang="en-US">
- <head>
- <title>WIN!</title>
- <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
- </head>
- <body>
- <h1>natas30 natas30</h1>
- <h2>You succeeded with query Select * FROM users where username ='natas30' and password ='natas30'</h2>
- <h2>Suplied parameters U:natas30 P:natas30</h2>
- <h2>Quoted parameters U:'natas30' P:'natas30'</h2>
- </body>
- </html>