Python Script: MySQL REGEXP Query

    I wrote it up a small script using bWAPP as my DB target to give an example of how to connect to a remote MySQL DB, querying a table for a partial expression.  The bWAPP "secret" column does not have a lot of data to query but if you throw in "a", you'll return two rows:

    (1, u'A.I.M.', u'6885858486f31043e5839c735d99457f045affd0', This email address is being protected from spambots. You need JavaScript enabled to view it.', u'A.I.M. or Authentication Is Missing', None, 1, None, 1)
    (2, u'bee', u'6885858486f31043e5839c735d99457f045affd0', This email address is being protected from spambots. You need JavaScript enabled to view it.', u'Any bugs?', None, 1, None, 1)

    ------

    import mysql.connector

    mydb = mysql.connector.connect(
    host="192.168.0.49",
    user="root",
    passwd="bug",
    database="bWAPP"
    )
    while True:
        table = 'users'
        print
        string = raw_input("[*] Enter search query: ")

        mycursor = mydb.cursor()

        mycursor.execute("SELECT * FROM "+table + " WHERE secret REGEXP '"+string+"'")
        myresult = mycursor.fetchall()

        for x in myresult:
            print(x)





     


    © 2020 sevenlayers.com