Username: 
Password: 
Restrict session to IP 

I have a problem sending data via http post  Go to the Blinded by the light challenge

Global Rank: 3360
Totalscore: 6118
Posts: 6
Thanks: 2
UpVotes: 2
Registered: 11y 279d

Last Seen: 66d 9h
The User is Offline
I have a problem sending data via http post
Google/translate0Thank You!0Good Post!0Bad Post! link
Following python code(2.7.5) is expected to show "Welcome back, user." But it shows "Your password is wrong," (This code does not contain the solution related to this challenge)
import re
import urllib
import urllib2


url = 'http://www.wechall.net/challenge/blind_light/index.php'
headers = { 'Cookie' : 'WC=~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~'}

values = {'inject' : "' or 1=1#"}
data = urllib.urlencode(values)
req = urllib2.Request(url, data, headers)
response = urllib2.urlopen(req)
html = response.read()
print html

if re.findall("Welcome back, user.",html):
print "success",
else:
print "fail",

I tested this code with my testing website, and it worked well. But in wechall.net it didn't work as expected. Just sending one apostrophe or %27 through this code didn't show 'Database error'. What's the problem?
Global Rank: 31
Totalscore: 316791
Posts: 22
Thanks: 34
UpVotes: 31
Registered: 15y 280d
Mawekl`s Avatar



Last Seen: 3y 110d
The User is Offline
RE: I have a problem sending data via http post
Google/translate1Thank You!0Good Post!0Bad Post! link
Maybe you need to add "Content-Type: application/x-www-form-urlencoded" header field?
Global Rank: 3360
Totalscore: 6118
Posts: 6
Thanks: 2
UpVotes: 2
Registered: 11y 279d

Last Seen: 66d 9h
The User is Offline
RE: I have a problem sending data via http post
Google/translate0Thank You!0Good Post!0Bad Post! link
I tried, but it didn't work.
Global Rank: 3360
Totalscore: 6118
Posts: 6
Thanks: 2
UpVotes: 2
Registered: 11y 279d

Last Seen: 66d 9h
The User is Offline
RE: I have a problem sending data via http post
Google/translate1Thank You!1Good Post!0Bad Post! link
I solved the problem, I should have sent 2 data, {'inject' : "Inject", 'injection' : "~~query~~"}
Redknee, tunelko, silenttrack, n0tHappy, nonfungiblesecurity, quangntenemy, TheHiveMind, Z, balicocat, Ge0, samuraiblanco, arraez, jcquinterov, hophuocthinh, alfamen2, burhanudinn123, Ben_Dover, stephanduran89, braddie0, SwolloW, dangarbri, csuquvq have subscribed to this thread and receive emails on new posts.
1 people are watching the thread at the moment.
This thread has been viewed 6772 times.