Username: 
Password: 
Restrict session to IP 

I have a problem sending data via http post  Go to the Blinded by the light challenge

Global Rank: 2779
Totalscore: 6266
Posts: 6
Thanks: 2
UpVotes: 2
Registered: 7y 103d

Last Seen: 14d 19h
The User is Offline
I have a problem sending data via http post
Google/translate0Thank You!0Good Post!0Bad Post! link
Following python code(2.7.5) is expected to show "Welcome back, user." But it shows "Your password is wrong," (This code does not contain the solution related to this challenge)
import re
import urllib
import urllib2


url = 'http://www.wechall.net/challenge/blind_light/index.php'
headers = { 'Cookie' : 'WC=~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~'}

values = {'inject' : "' or 1=1#"}
data = urllib.urlencode(values)
req = urllib2.Request(url, data, headers)
response = urllib2.urlopen(req)
html = response.read()
print html

if re.findall("Welcome back, user.",html):
print "success",
else:
print "fail",

I tested this code with my testing website, and it worked well. But in wechall.net it didn't work as expected. Just sending one apostrophe or %27 through this code didn't show 'Database error'. What's the problem?
Global Rank: 19
Totalscore: 337054
Posts: 22
Thanks: 34
UpVotes: 31
Registered: 11y 104d
Mawekl`s Avatar



Last Seen: 1y 100d
The User is Offline
RE: I have a problem sending data via http post
Google/translate1Thank You!0Good Post!0Bad Post! link
Maybe you need to add "Content-Type: application/x-www-form-urlencoded" header field?
Global Rank: 2779
Totalscore: 6266
Posts: 6
Thanks: 2
UpVotes: 2
Registered: 7y 103d

Last Seen: 14d 19h
The User is Offline
RE: I have a problem sending data via http post
Google/translate0Thank You!0Good Post!0Bad Post! link
I tried, but it didn't work.
Global Rank: 2779
Totalscore: 6266
Posts: 6
Thanks: 2
UpVotes: 2
Registered: 7y 103d

Last Seen: 14d 19h
The User is Offline
RE: I have a problem sending data via http post
Google/translate1Thank You!1Good Post!0Bad Post! link
I solved the problem, I should have sent 2 data, {'inject' : "Inject", 'injection' : "~~query~~"}
Redknee, tunelko, silenttrack, qdxy, n0tHappy, TheHiveMind, Z, Ge0, samuraiblanco, arraez, jcquinterov, hophuocthinh, alfamen2, burhanudinn123, Ben_Dover, stephanduran89, braddie0 have subscribed to this thread and receive emails on new posts.
1 people are watching the thread at the moment.
This thread has been viewed 4495 times.