sqli template

Author: rhergenreder

sqli.py

@@ -22,24 +22,23 @@ def extract_int(self, column: str, table=None, condition=None, offset=None, verb
 
         if not binary_search:
             cur_int = 1
-            while self.blind_sqli(f"({query})>{cur_int}"):
+            while self.blind_sqli(f"({query})>{cur_int}", verbose):
                 cur_int += 1
 
             return cur_int
         else:
             min_value = 1
             max_value = 1
 
-            while self.blind_sqli(f"({query})>{max_value}"):
+            while self.blind_sqli(f"({query})>{max_value}", verbose):
                 min_value = max_value + 1
                 max_value = max_value * 2
 
-            max_value = max_value - 1
             while True:
                 cur_int = (min_value + max_value) // 2
-                if self.blind_sqli(f"({query})>{cur_int}"):
+                if self.blind_sqli(f"({query})>{cur_int}", verbose):
                     min_value = cur_int + 1
-                elif self.blind_sqli(f"({query})<{cur_int}"):
+                elif self.blind_sqli(f"({query})<{cur_int}", verbose):
                     max_value = cur_int - 1
                 else:
                     return cur_int
@@ -67,7 +66,7 @@ def extract_string(self, column: str, table=None, condition=None, offset=None, m
             found = False
             query = self.build_query(f"ascii(substr({column},{len(cur_str) + 1},1))", table, condition, offset)
             for c in charset:
-                if self.blind_sqli(f"({query})={ord(c)}"):
+                if self.blind_sqli(f"({query})={ord(c)}", verbose):
                     found = True
                     cur_str += c
                     if verbose:
@@ -93,20 +92,22 @@ def extract_multiple_strings(self, column: str, table=None, condition=None, verb
 
         return rows
 
+    # Following methods need to be implemented in the exploit
     @abstractmethod
-    def get_database_version(self, verbose=False):
+    def blind_sqli(self, condition: str, verbose=False) -> bool:
         pass
 
+    # Following methods will be implemented by MySQLi, PostgreSQLi, ...
     @abstractmethod
-    def get_current_user(self, verbose=False):
+    def get_database_version(self, verbose=False):
         pass
 
     @abstractmethod
-    def get_current_database(self, verbose=False):
+    def get_current_user(self, verbose=False):
         pass
 
     @abstractmethod
-    def blind_sqli(self, condition: str, verbose=False) -> bool:
+    def get_current_database(self, verbose=False):
         pass
 
     @abstractmethod

template.py

@@ -102,6 +102,7 @@ def register(username, password):
 from bs4 import BeautifulSoup
 from hackingscripts import util, rev_shell
 from hackingscripts.fileserver import HttpFileServer
+from hackingscripts.sqli import MySQLi, PostgreSQLi
 from urllib3.exceptions import InsecureRequestWarning
 requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)