SHARE
TWEET

Untitled

a guest Apr 19th, 2019 72 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #!/usr/bin/env python3
  2. import sys
  3. import random
  4.  
  5. import requests
  6.  
  7. import populate
  8.  
  9. if len(sys.argv) < 2:
  10.     print("no seed given.abort.")
  11.     sys.exit(1)
  12.  
  13. seed = sys.argv[1]
  14. users,msgs  = populate.get_data(seed)
  15.  
  16. URL = "http://127.0.0.1:80"
  17.  
  18. # test for users
  19. resp = requests.get(URL+"/users")
  20. assert resp.status_code == 200
  21. assert 'application/json' in resp.headers['content-type']
  22. assert len(resp.json()["users"]) == len(users)
  23.  
  24.  
  25. length = random.randint(1,len(users))
  26. resp = requests.get(URL+"/users?limit=" + str(length))
  27. assert resp.status_code == 200
  28. assert 'application/json' in resp.headers['content-type']
  29. assert len(resp.json()["users"]) == length
  30.  
  31. length = -1
  32. resp = requests.get(URL+"/users?limit=" + str(length))
  33. assert resp.status_code == 500
  34.  
  35. resp = requests.get(URL+"/users?limit=1' or '1'='1")
  36. assert resp.status_code == 500
  37.  
  38. # test for messages
  39. resp = requests.get(URL+"/messages")
  40. assert resp.status_code == 200
  41. assert 'application/json' in resp.headers['content-type']
  42. assert len(resp.json()) == len(msgs)
  43.  
  44. first = resp.json()[0]["name"]
  45. resp = requests.post(URL+"/messages",data = {'name':first})
  46. assert resp.status_code == 200
  47. assert len(resp.json()) == 1
  48.  
  49. print("TESTING /users SQLI")
  50. resp = requests.post(URL+"/messages",data = {'name':"he' OR '1'='1"})
  51. print("TESTING DONE #1/users SQLI => %d" % resp.status_code)
  52. assert resp.status_code == 200
  53. print("TESTING DONE #2/users SQLI")
  54.  
  55. a = "G"
  56. b = "O"
  57. c = "D"
  58. print(a + b * 2 + c)
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top