I am trying to send an SQL query to my WordPress database using the Adminer script, but the problem is I'm missing something that needs to be sent as body or headers, in my opinion (if I'm wrong please correct me).
Request raw

```http
POST /REV/adminer-4.7.5-en.php?server=localhost&username=adepfran_wp975&db=adepfran_wp975&sql=select%20*%20from%20wplj_users HTTP/1.1
Host: mywebsite
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: https://mywebsite/REV/adminer-4.7.5-en.php?server=localhost&username=adepfran_wp975&db=adepfran_wp975&sql=
Content-Type: multipart/form-data; boundary=---------------------------1328964205768204682490124619
Content-Length: 425
Cookie: adminer_sid=00e0c898e031284904f8e51b591c1dee; adminer_key=320bc6e9870ffdf2f54982cb2292de87
Connection: close
Upgrade-Insecure-Requests: 1

-----------------------------1328964205768204682490124619
Content-Disposition: form-data; name="query"

select * from wplj_users
-----------------------------1328964205768204682490124619
Content-Disposition: form-data; name="limit"

-----------------------------1328964205768204682490124619
Content-Disposition: form-data; name="token"

401937:659783
-----------------------------1328964205768204682490124619--
```
I also intercepted the requests using Burp Suite to clarify further.
My actual code:

```python
import requests

wpuser = "adepfran_wp975"  # the values used in the request URL above
wpdb = "adepfran_wp975"

ses = requests.Session()
data = {"server": "localhost",
        "username": wpuser,
        "db": wpdb,
        "sql": "SELECT * from wplj_users"}
url = "https://mywebsite/REV/adminer-4.7.5-en.php?server=localhost&username=adepfran_wp975&db=adepfran_wp975&sql=SELECT%20*%20from%20wplj_users"
request = ses.post(url, data=data)
```
The request without the limit, query and token parts (Content-Disposition) does not return the wanted response. How can I pass them?
1 Answer
It seems you have to send it as files=.

For the test I used https://httpbin.org, which sends back everything it gets in the request, so I can display it and compare it with the expected data.

In files I used (None, "SELECT * from wplj_users"), so this None removes filename="query".
```python
import requests

params = {
    'server': 'localhost',
    'username': 'adepfran_wp975',
    'db': 'adepfran_wp975',
    'sql': 'SELECT * from wplj_users',
}

# (None, value) makes requests send a plain form field (no filename=)
data = {
    "query": (None, "SELECT * from wplj_users"),
    "limit": (None, ""),
    "token": (None, "401937:659783"),
}

headers = {
    'User-Agent': 'Mozilla/5.0',
    #'Referer': 'https://mywebsite/REV/adminer-4.7.5-en.php?server=localhost&username=adepfran_wp975&db=adepfran_wp975&sql='
    # requests.Session() should take care of cookies so this header shouldn't be needed
    #'Cookie': 'adminer_sid=00e0c898e031284904f8e51b591c1dee; adminer_key=320bc6e9870ffdf2f54982cb2292de87'
}

url = "https://httpbin.org/post"
#url = "https://mywebsite/REV/adminer-4.7.5-en.php"

s = requests.Session()
#r = s.get(url) # to get fresh cookies
r = s.post(url, params=params, headers=headers, files=data)

print('\n=== url ===\n')
print(r.request.url)

print('\n=== headers ===\n')
for key, val in r.request.headers.items():
    print('{}: {}'.format(key, val))

print('\n=== body ===\n')
print(r.request.body.decode())
```
Results

```text
=== url ===

https://httpbin.org/post?server=localhost&username=adepfran_wp975&db=adepfran_wp975&sql=SELECT+%2A+from+wplj_users

=== headers ===

User-Agent: Mozilla/5.0
Accept-Encoding: gzip, deflate
Accept: */*
Connection: keep-alive
Content-Length: 331
Content-Type: multipart/form-data; boundary=79f18e4306b943ea92a49bae21b51b9c

=== body ===

--79f18e4306b943ea92a49bae21b51b9c
Content-Disposition: form-data; name="query"

SELECT * from wplj_users
--79f18e4306b943ea92a49bae21b51b9c
Content-Disposition: form-data; name="limit"

--79f18e4306b943ea92a49bae21b51b9c
Content-Disposition: form-data; name="token"

401937:659783
--79f18e4306b943ea92a49bae21b51b9c--
```
Comments

GET to main page to get fresh cookies and fresh session ID - and Session() will automatically add it to POST. If normally you have to login to adminer then your code has to also login to adminer.

files=, not as data=

```http
------WebKitFormBoundaryyxYbgqzZBgPMzQXH
Content-Disposition: form-data; name="query"

select * from wplj_termmeta
------WebKitFormBoundaryyxYbgqzZBgPMzQXH
Content-Disposition: form-data; name="limit"

------WebKitFormBoundaryyxYbgqzZBgPMzQXH
Content-Disposition: form-data; name="token"

792550:799199
------WebKitFormBoundaryyxYbgqzZBgPMzQXH--
```

requests.post(..., files={"sql": "select * from wplj_termmeta", ...})
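As an added example (not the answer's code), the following prepares the same request offline with requests.Request(...).prepare() and parses the multipart body back, so you can confirm before sending anything that (None, value) produces plain form fields while a bare string in files= gets a filename= attribute. The URL, connection values and token are the sample values from the question; as the comment above says, a real token has to come from a fresh GET of the live form, not from a captured request.

```python
import re
import requests

# Host and connection parameters as they appear in the question; the token
# below is the captured sample value and only serves as test data.
URL = "https://mywebsite/REV/adminer-4.7.5-en.php"
PARAMS = {"server": "localhost", "username": "adepfran_wp975", "db": "adepfran_wp975"}


def build_adminer_post(query, token, url=URL):
    """Prepare (without sending) the POST the answer describes: connection
    parameters in the query string, the form fields as multipart/form-data.
    A (None, value) tuple in files= makes requests emit a plain form field,
    i.e. a Content-Disposition header without filename=."""
    files = {"query": (None, query), "limit": (None, ""), "token": (None, token)}
    return requests.Request("POST", url, params={**PARAMS, "sql": query},
                            files=files).prepare()


def parse_multipart(prepared):
    """Split a prepared multipart body back into {name: (filename, value)},
    so the exact shape of the request can be inspected before it goes out."""
    boundary = re.search(r"boundary=(\S+)", prepared.headers["Content-Type"]).group(1)
    chunks = prepared.body.decode().split("--" + boundary)
    parts = {}
    for chunk in chunks[1:-1]:  # drop the leading '' and the closing '--\r\n'
        # each chunk is "\r\n<headers>\r\n\r\n<value>\r\n"; trim the outer CRLFs
        head, _, value = chunk[2:-2].partition("\r\n\r\n")
        name = re.search(r'name="([^"]+)"', head).group(1)
        filename = re.search(r'filename="([^"]*)"', head)
        parts[name] = (filename.group(1) if filename else None, value)
    return parts


def filename_for_bare_string(field, value):
    """Contrast case: a bare string in files= is treated as an upload and
    requests fills in filename=<field name>, which is what the answer avoids."""
    prepared = requests.Request("POST", URL, files={field: value}).prepare()
    return parse_multipart(prepared)[field][0]


if __name__ == "__main__":
    p = build_adminer_post("SELECT * from wplj_users", "401937:659783")
    print(p.url)
    for name, (fn, value) in parse_multipart(p).items():
        print(f"{name!r}: filename={fn!r} value={value!r}")
    print("bare string gets filename:", filename_for_bare_string("query", "SELECT 1"))
```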